IT Security

IT Security ensures that an organization's material and software resources are used only for their intended purposes. At ITD, security is a part of everything we do.

Security Goals

  1. Integrity: Guaranteeing that data is what it is believed to be
  2. Confidentiality: Ensuring that only authorized individuals have access to the resources being exchanged
  3. Availability: Guaranteeing the proper operation of information systems
  4. Non-repudiation: Guaranteeing that an operation cannot be denied
  5. Authentication: Ensuring that only authorized individuals have access to the resources

Security Best Practices

Security Awareness

Security Officers

Securing IT resources within ND state government requires collaboration among stakeholders. In accordance with the Incident Prevention/Response/Notification Standard, each customer of ITD shall designate an agency contact. That person, known as the agency's Security Officer, becomes part of a proactive group that communicates and corrects security incidents and vulnerabilities.

The primary communication channels used is the Security Officer's ListServ. For confidentiality reasons, membership to the list is managed by ITD. Customers may join the Security Officer's Listserv by sending an enrollment request along with their name, agency name, phone number, and email address to itdsecur@nd.gov.

Password Changes

ITD uses a challenge-question process to verify the identity of anyone requesting a password change. Individuals are required to complete an Online Password Information Form or provide the Service Desk with a Password Change Information Form (SFN52378) before ITD can reset their password.

References

Associated Rates

Title Current Rate Current One Time Fee
Technology Fee

Network access charge is assessed for each state FTE for statewide area network access and other network services.

64.00/FTE

Related Standards and Guidelines

Access Control Standard

Login and password policy and procedures.

Active Directory Standard

Policies and responsibilities for the installation and coordination of Active Directory in the state of North Dakota

Anti-Malware Standard

Policies and responsibilities for the use of Anti-Virus and Anti-Malware tools

Auditing Standard

Ensures basic auditing requirements are in place

E-Services Security Standard

Ensures that customer information resulting from online activities or electronic commerce is secured.

Employee Security Awareness Standard

Ensures employees are informed of current security best practices recommended for technologies being utilized by the state.

Encryption Standard

Ensures that sensitive information is encrypted.

Incident Prevention, Response, and Notification Standard

Ensures that any vulnerabilities or incidents are communicated to the necessary individuals.

Mobile Device Access Control Standard

Establishes security procedures for access to mobile devices.

Physical Access Standard

Establishes physical security policies to minimize the risk of unauthorized access to the state government network.

Public Workstation Access Standard

Establishes a public workstation security policy to minimize the risk of unauthorized access to the state government network.

Remote User Access Standard

Establishes policies to provide remote access capability without compromising the network.

News

This is a reminder that on Tuesday, July 14, 2015, Microsoft will discontinue support for the Windows 2003 Server Operating System.

ND Login Forced Password ChangePosted: Jun 18, 2015News

After June 21st, users of an ND State Login account will be required to update their password upon their next successful login.

Learn about the importance of cyber security, and how to keep your information safe.

May 2014 Security NewsletterPosted: May 30, 2014News

Learn about Protecting Against Mobile Malware in this month's edition of the Security Newsletter.