⚠️ Translation Notice: This content has been automatically translated. The original English text is the official version. Translation may contain errors.
⚠️ Este contenido ha sido traducido automáticamente. El texto original en inglés es la versión oficial. La traducción puede contener errores.
Findings and Recommendations 6 findings
F1
Contracts for Information Technology, Information Systems, and Cybersecurity services between third-party providers and Marin County governmental agencies should contain a Business Continuity clause, or other language, protecting that agency from a sudden cessation of services provided by the third-party provider.
Related Recommendations (1)
R1
Marin agencies should require a current (executed within the last five years), competitively-bid, written contract which includes business continuity language for any third-party Information Technology services they use.
F2
Marin County municipalities should have current, written contracts with third-party providers of Information Technology, Information Systems, and Cybersecurity services, and should not continue to use those providers’ services without a current contract.
Related Recommendations (1)
R2
The Board of Supervisors should authorize the creation of a new position within the Department of Information Services and Technology for the 2025-2026 fiscal year, with specific responsibilities to assist other County agencies in cybersecurity awareness, training, implementation, and monitoring of cybersecurity systems.
F3
Membership in insurance risk pools provides the benefits of cybersecurity assessments and audits, which highlight cybersecurity deficiencies and make suggestions for improvement.
Related Recommendations (1)
R3
The Board of Supervisors should require that the Marin Department of Information Services and Technology evaluate the formation of a Cybersecurity Joint Powers Authority to raise overall cyber preparedness amongst its members, and for the purpose of acquiring and maintaining perimeter defense protection systems for preventing and eliminating ransomware and other more sophisticated cyberattacks.
F4
Having a completed, adopted and regularly updated cybersecurity plan helps ensure that all staff within a government agency are working together to optimize that organization's cyber preparedness and security.
Related Recommendations (1)
R4
The Board of Supervisors should create two new system-engineering positions to be filled by cybersecurity experts who would be responsible for conducting security risk assessments, providing recommendations and implementing cybersecurity solutions for public agencies in Marin, among their other tasks.
F5
Joint Powers Authorities in Marin County exist to provide more efficient and cost-effective services to the people of Marin.
Related Recommendations (1)
R5
If and when a Joint Powers Authority is created, one of these positions would serve as a County member of the new organization and a liaison with the Chief Information Security Officer.
F6
The current County Collective Bargaining Agreements prevent the Marin County Department of Information Systems & Technology from unilaterally negotiating managed service agreements (outsourcing work to third parties).
Related Recommendations (1)
R6
All Marin municipalities should: a) take all steps necessary to acquire an appropriate .gov or .ca.gov domain; b) formulate and adopt a plan for rolling out a .gov or .ca.gov website and emails by the start of the 2025-2026 Fiscal Year.
Additional Recommendations 4
These recommendations are not explicitly linked to specific findings.
-
R7The Board of Supervisors should require that the Marin Department of Information Services and Technology: a) develop a plan to redefine a secure network infrastructure of the MIDAS system which solely focuses on providing access to law enforcement, emergency response and justice systems, or other online County services, and exclude Internet Service Provider services; b) take all steps necessary to transition administration of MIDAS from Marin IT to The County of Marin Department of Information Services and Technology.
-
R8The Board of Supervisors require that the Marin Department of Information Services and Technology and the Department of Human Resources develop a plan for negotiating the inclusion of language that allows for managed service agreements in new Collective Bargaining Agreements with MAPE and MCMEA that will start in July of 2025.
-
R9The Board of Supervisors requires that the Marin Department of Information Services and Technology update its Top 10 Cybersecurity Tips for Organizations at least once a year.
-
R10The Board of Supervisors requires that the Marin Department of Information Services and Technology more directly promote, through the Marin Security and Privacy Council, its Top 10 Cybersecurity Tips for Organizations to all of Marin’s public agencies.
No Responses Found 1
Government entities assigned to respond to this report. No response documents have been linked in our database.
Marin County
County