Region 5 Cyber Planning Team
Public and private organizations across Region 5 are entrusted with sensitive and confidential information that include, but not limited to, Criminal Justice Information (CJI), Protected Health Information (PHI), Federal Tax Information (FTI), and Personally Identifiable Information (PII). Pierce County has established a regional Cyber Planning Team Strategy intended to align information security with operational strategy; to comply with applicable legal and regulatory requirements; to achieve industry standards; to manage, monitor, and mitigate information security risks and incidents; to optimize information security investments; to manage information security resources efficiently; and to monitor the ongoing effectiveness of the Cyber Planning Team campaign and subsequent programs.
The purpose of the Cyber Planning Team (CPT) is to provide guidance and recommendations to all disciplines and sectors within Region 5 (Tacoma-Pierce County) to prevent, protect against, respond to, recover from, and mitigate against acts of terrorism and other technological and human-caused events conducted through cyberspace. Guidance and recommendations will be in the form of planning, training, and exercises.
The initial campaign will be conducted over a period of 12 months, at the end of which the CPT will evolve into a Cyber Advisory Group for the Region.
Information Risk Management
Identify and manage information security risks and align the Strategy with the operational needs of County organizations.
Create and maintain a program to implement the Strategy.
Incident Management & Response
Plan, develop, and manage appropriate capabilities and measures to detect, respond to, and recover from information security incidents.
Establish and maintain a governance structure through the CPT to provide for accountability and assurance that the Strategy is aligned with the operational needs of County agencies and consistent with applicable law, regulations, and industry best practices.
- Promote and enhance collaboration on strategies and policies to address cybersecurity
- Conduct agency-specific Business Impact Analysis (BIA)
- Develop organizational Continuity of Operations (COOP)/Business Continuity Planning
- Improve technical-to-end-user information sharing
- Develop a framework for understanding regulatory requirements
- Develop a multi-year, progressive training and exercise plan across each organization that includes key stakeholders
- Build and strengthen partnerships between local, county, state, federal, and private sector partners
- Encourage networking among public and private sector stakeholders to identify interdependencies before a disaster
- Develop a system/schedule to socialize Suspicious Activity Reporting (SAR) procedures to all levels of employees
- Leadership buy-in of the cybersecurity philosophy to promote organizational security awareness
- Enhance resiliency to cybersecurity incidents through discussion of cyber incident reporting, protocols, and available regional resources
- Prioritize the training needed to implement regional plans and polices
- Prioritize training needed to support regional exercises
- Prioritize regional exercises that build or sustain capabilities