State of Montana Cybersecurity
Featured Links
CYBERSECURITY ABOUT US
About Us
Office of Security Services
The Office of Security Services is located in the State Information Technology Services Division (SITSD) in the Department of Administration (DOA), we are responsible for protecting the State's cyber assets and securing the State's cyber services to the citizens of Montana. The Office of Security Services is comprised of two sections:
Cybersecurity Operations
- Provides incident response and technical security services to the State of Montana.
- Provides investigative services utilizing digital forensic techniques.
- Acts as subject matter experts for technical security inquiries.
- Performs vulnerability and compliance scanning of information systems.
- Conducts penetration test engagements.
Policy & Risk Management
- Provides security policy and risk management services to the State of Montana.
- Creates a framework of safeguards and information security best practices based on by the National Institute of Standards and Technology (NIST) as well as other national standards.
- Promotes adoption of consistent information security policies throughout all state agencies.
- Furthers information security awareness and skills among State of Montana employees.
- Enhances the overall posture of information security within state agencies.
- Encourages collaboration between state agencies through the Montana Information Security Advisory Council (MT-ISAC).
Leadership
Chief Information Security Officer
Chris Santucci, MBA, GOSI
Contact me: Email
Cybersecurity Operations Bureau Chief
Vacant
Contact me: Email
Enterprise Security Compliance Officer
Michael Barbere, MSIA, CISSP, CCSP, GSNA, GCCC, GCLD
Contact me: Email
Policy & Risk Management Bureau Chief
Daniel Donithan
Contact me: Email
Security Architect
James Zito, CISSP-ISSAP, ZTX-I
Contact me: Email
Mission, Vision, and Goals
We align our Mission, Vision, and Goals with those from the Department of Administration (DOA) and the State Information Technology Services Division (SITSD). The core of "what we do, how we do it, and why we do it" is governed by a central theme: " Protect State information assets and citizen's data".
Our Mission
Our mission is to protect and preserve the confidentiality, integrity, and availability of the State's information assets by managing risks, hunting threats, and mitigating vulnerabilities before they are exploited to harm the State's people, processes, or technology.
Our Vision
Our vision is to provide a secure environment for the State to conduct business and provide services to the citizens of Montana.
Our Goals
Our primary goal is to enhance information security by implementing standardized best practices to protect systems, assets, and data in a cost-effective manner.
- Objective 1.1 Develop and implement security standards, common controls, and best practices for information systems.
- Objective 1.2 Enhance the enterprise information security training and awareness program.
- Objective 1.3 Protect information systems across the state by leveraging the public-private partnerships established by MT-ISAC to enhance information sharing, outreach, and risk awareness.
- Objective 1.4 Develop the internal review and compliance program to provide data that proves efficient security controls or identifies security gaps to remediate.
- Objective 1.5 Develop automated processes in continuous monitoring and risk management to identify threats, gain efficiencies, and overcome resource limitations.
- Objective 1.6 Perform a cybersecurity cost analysis for the State of Montana, including investment recommendations.