CenITex, the Victorian Government’s shared ICT services agency, is looking to improve its organisational capability, processes and tools to facilitate information security management.
The initiative, part of a wider efficient technology services program, will see an upgrade of its capability to deliver ICT threat and vulnerability management (TVM) to government agencies and departments, better secure its own operating environment and facilitate continuous improvement initiatives.
The upgrade will occur in three areas: threat and vulnerability management technology capability, service management and maintenance, and systems implementation and integration services.
According to CenITex documents, the agency's existing TVM capability is a fragmented mix of multiple vendor products and managed security services inherited following changes within government.
In addition, the group of 15 Victorian Government departments and agencies (G15) which CenITex serviced was providing an ever-increasing quantity of data.
“However, the security systems supporting access to data assets varies in maturity across the G15,” the documents read. “The number of information security technology product sets supporting the TVM capability across the Victorian Government departments and agencies is varied and not standardised, resulting in a high total cost of ownership.”
With new security infrastructure in place, CenITex expects to be able to provide standardised end user computing, server and network protection solutions that maintain the security and integrity of the operating environment.
Furthermore, the agency said that as part of its information security roadmap, it intended to provide information security capability as a service to its customers.
“CenITex intends to setup a security and network operations centre to manage and report on the integrity and threat profile of supported infrastructure assets in a centralised and standardised manner,” the documents read.
The agency also flagged the importance of facilitating improved reporting to enable customers to track their threat and exposure profile
“The provision of information security technology as point solutions that are not integrated from a reporting and management perspective is no longer an acceptable solution,” the documents read. “It is CenITex’s intention to deploy an integrated TVM solution that will facilitate the implementation and management of a standardised security tooling capability and on-demand security reporting capability for its customers.”