Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Michigan Department of State
(MDOS)
Risk Mitigation:
Multiple Factors and Approaches
Purpose
The purpose of the risk mitigation is to reduce the potential for
adverse future events. Mitigation aids in recovering from
business operation disruptions, disasters, and helps maintain
status quo operations.
Risk Mitigation
Primary focus is on IT today….
▪ IT is important and should be included
▪ Focus on recovery efforts from various
disruptions
▪ Cover a broad spectrum of disruptions
-network outages, power outages
-building access, pandemics,
-inaccessible data, customer actions
-bad actors
Risk Mitigation
Risks MDOS has identified…
Risk Mitigation
1. IT outages, physical building inaccessibility, active shooter
scenarios, disruptions due to weather… these are addressed with
the department’s Business Continuity of Operations and Recovery
Plan (BCORP)
2. Cyber threats
3. Loss of all or partial communication
4. Inappropriate customer activity or actions
5. Large scale, coordinated fraud (money, information, votes…)
6. Large event (i.e. Presidential Elections) risks
Risk Mitigation
Outages that the BCORP Focuses On▪ IT outages
▪ Physical building inaccessibility
▪ Active shooter scenarios
▪ Disruptions due to weather
▪ For major data or IT outages, we use the BCORP to guide us on
when to institute overall or individual IT disaster recovery plans
▪ The MDOS BCORP does establish pre-scheduled call-in times and
numbers for use if there is an emergency that prevents physical
access
▪ MDOS does annually train staff for active shooter events
Risk Mitigation
Cyber Threats
▪ MDOS relies on the Department of Technology, Management, and
Budget for cyber threat prevention
▪ MDOS does try to mitigate risk through our own Information Security
Office
Risk Mitigation
Loss of all or partial communication▪ When email is not accessible or functioning
▪ When phone land lines are down
▪ When cellular service is bogged down or disrupted
▪ The MDOS BCORP does establish pre-scheduled call-in times and
numbers for use if there is an emergency.
▪ MDOS also will post physical paper signs at pre-established locations
and use news outlets to communicate with staff and customers.
▪ The use of the three (3) 800 MHz radios on the MPSCS
Risk Mitigation
Loss of all or partial communication▪ When email is not accessible or functioning
▪ When phone land lines are down
▪ When cellular service is bogged down or disrupted
▪ The MDOS BCORP does establish pre-scheduled call-in times and
numbers for use if there is an emergency.
▪ MDOS also will post physical paper signs at pre-established locations
and use news outlets to communicate with staff and customers.
▪ The use of the three (3) 800 MHz radios on the MPSCS
Risk Mitigation
Inappropriate customer behavior▪ We experience numerous customer “events” each week
▪ Some require law enforcement response
▪ Some require first responder response
▪ MDOS wants to reduce customers in the branches as 70% of those who
come to the branch can do their business virtually
▪ MDOS has a goal of 30 minutes or less for customers with appointments
• Any branch up to 6 months in advance
▪ MDOS is designing branches to be less institutional
▪ Service without staff
• Self Service Terminals (SSTs)
• Expanded online services
Risk Mitigation
Large Scale Fraud▪ License plates, tabs, watercraft stickers, snowmobile stickers, moped
stickers, and titles all have a street value
▪ Some customers have been caught trying to circumvent the law for
insurance with short term temporary policies and then cancel them
▪ Some clerks have experienced bribery for actions or information
▪ MDOS secures all “saleable” items in our fenced, alarmed, and video
monitored warehouse
▪ All items are tracked in our system and by our Inventory Unit
▪ Our Office of Investigative Services works with Insurance
companies to combat insurance fraud
▪ We work with staff on the seriousness of being offered
money for requests
Risk Mitigation
2020 Presidential Election Preparation▪ Securing infrastructure
▪ Upgraded voting technology in 2017 & 2018
▪ Improved Qualified Voter File system
▪ 5-Point Security Plan
▪ Long-standing accuracy and integrity practices
▪ Misinformation detection
▪ Decentralized system (1500+ clerks in 83 counties)
▪ Cooperation among all election officials
▪ Public Hearing results
▪ Suspicious Activity Reporting
Questions/Discussion