|
November 2025
View in Browser
Upcoming Events
Electronic Government Portal Advisory Board (EPAB) Meeting
November 20, 2025
About EIS
Enterprise Information Services ensures accessible, reliable and secure state technology systems that equitably serve Oregonians.
|
|
Cybersecurity Awareness Month 2025 has come to a close, and what a success it was! Throughout October, Enterprise Information Services (EIS) partnered with the National Cybersecurity Alliance to reinforce the Core 4 steps to Stay Safe Online, plus a bonus week on Artificial Intelligence. Together, state of Oregon employees logged 924 hours of cybersecurity training during October. That's equivalent to 115 full workdays of learning! The engagement made all the difference in building a stronger, safer digital workplace.
Keep the Momentum Going!
Cybersecurity isn’t just for October. It’s a year-round commitment. Continue applying the Core 4, complete optional Workday training modules, and stay alert to evolving threats.
|
|
CSS Cyber Assessment
To strengthen agencies’ cybersecurity posture, Cyber Security Services (CSS) implemented a new CIS IG1+ controls post-remediation follow-up process and want to spotlight two early wins.
The Oregon State Marine Board (OSMB) was one of the first agencies to undergo the post-assessment collaboration process April to June 2024, and after only 18 months, they were able to enact a number of control and policy updates (utilizing enterprise tools and policy templates) that allowed for a score improvement of at least 23% in each measured control area, with an average improvement of over 55% in each category.
Oregon State Police (OSP), since the beginning of their post-assessment process in January - March 2025, have enacted fixes for over 63% of their findings and are on track to exceed both enterprise averages and enterprise goals across numerous control groups.
|
Data Equity Summit
The second annual Oregon Data Equity Summit took place October 28-30, 2025. The cross-agency collaboration hosted the all-virtual event and had more than 950 attendees over the three-day event where attendees engaged in learning and sharing opportunities.
The keynote speaker, Dr. Luhui Whitebear, Assistant Professor of Indigenous Studies at Oregon State University and Chair of the Corvallis School Board, eloquently showed attendees the importance of understanding the human experience behind the data. She inspired each person to:
"...review our data equity policies and see what more we can do to help people feel seen"; and to
"...build an open-source data ecosystem tool, focused on data sovereignty and data security."
The planning committee is working to organize workshops and discussion groups throughout the year.
|
MS-ISAC Membership
The Multi-State Information Sharing and Analysis Center (MS-ISAC) is a Cybersecurity and Infrastructure Security Agency (CISA) supported collaboration to serve as the central cybersecurity resource for U.S. state, local, territorial, and tribal (SLTT) governments.
The power of an MS-ISAC membership is specific threat intelligence, peer collaboration and shared practices, 24x7x365 Security Operations Support, and a defense-in-depth strategy to strengthen your cyber posture and deter opportunistic attacks.
MS-ISAC recently hosted a webinar exploring how Oregon is strengthening its digital defenses through this statewide approach. The session covered what MS-ISAC membership means for eligible entities and how agencies can take advantage of the tools and support now available.
|
|
PSU E-Gov Research
Researchers from Portland State University’s Center for Public Service (PSU team) recently concluded the fourth phase of an ongoing project about the state of Oregon’s E-Government.
E-Government provides over 300 different online services for Oregonians. Thanks to the participation of over 2,000 Oregonians over the past four years, the PSU team compiled data through surveys, focus groups, and interviews.
The team learned about user experiences of accessing state of Oregon websites, what they like about it, and what issues they face when doing so.
The PSU E-Government project supports the state's ongoing interest in learning from the public and using data that drives continual improvements.
|
Data Center Services Offers Improved Resiliency
The Resilient Site Implementation (RSI) Project is not just another IT upgrade - it’s a strategic investment in resilience, business continuity, security, and public trust.
Our previous backup site in Montana served the state well, but today’s risks from cyber threats to natural disasters require more.
This new site supports faster recovery, better protection, and flexible service options. It’s part of our commitment to dependable, outcome-focused technology that supports the work agencies do and builds public trust. Questions? We’re here to help.
|
Immutable Backup Validation
As part of the state's ongoing commitment to cybersecurity resilience, Cyber Security Services will soon be conducting a survey to assess enterprise-wide data protection and recovery capabilities.
This initiative focuses on verifying agency and enterprise immutable backups, a critical safeguard in the event of a cyberattack.
The survey will evaluate both agency and enterprise immutable backup systems to confirm that they support validated service recovery. The goal is to ensure that every agency, board and commission, 81 in total, can demonstrate an independent process that documents a repeatable capability.
|
|
Data Center Services continues to meet and exceed its target for Oregon Key Performance Measure. The benchmark for percentage of time systems are available, known as “three nines availability,” requires systems available 99.90% of the time, or no more than 8.77 hours of downtime per year. Data Center Services has met or surpassed this goal four years in a row and is on track to exceed it again in FY 2026.
Three nines availability ensures users experience reliable access to critical systems that support state services. This performance reflects disciplined management and continual improvement in technology operations. Data Center Services achieves this through lifecycle replacement of aging systems, proactive monitoring of compute, network, and storage capacity, and expanded automation that improves service consistency.
These combined efforts protect service continuity for agencies and the public, reinforcing EIS’s commitment to reliable, secure, and high-performing IT systems.
|
|
|
Oregon Geographic Information Council (OGIC) in Action
The Oregon Geographic Information Council (OGIC) continues to lead efforts to improve data sharing among public agencies across the state. By working together to standardize geospatial data, agencies can better understand statewide needs—resulting in more effective services, smarter policies, and well-informed decisions.
OGIC’s ongoing data-sharing initiative focuses on:
- Identifying challenges in maintaining Oregon’s Framework data
- Strengthening partnerships and collaboration among public agencies
- Making geospatial data more accessible to all Oregonians
OGIC’s collaboration and partnership with public bodies helps to make Oregon’s Framework Program data available to the public through GEOHub, Oregon’s Authoritative Geospatial Repository.
The Framework Program includes 168 key data elements, of which 59 elements has been completed. OGIC will continue to collaborate with public bodies on all remaining data elements to identify challenges in maintaining framework data, encourage regular updates, and promote open data sharing.
|
|
DCBS Cybersecurity Operations
Enterprise Information Service Cyber Security Services (EIS-CSS) would like to commend the Department of Consumer and Business Services (DCBS) on implementing a strong governance structure to support, manage, and monitor its cybersecurity posture and activities. The governance structure includes their Information Security Council, which drives their Cybersecurity Operations Roadmap described below by Aly Houghton, DCBS’ Cyber Defense Administrator, as well as an Executive Advisory Committee member.
"DCBS developed a comprehensive roadmap designed to bring structure, visibility, and prioritization to our cybersecurity efforts. What began as a response to audit findings has evolved into a living, scalable program that continues to guide our agency’s security initiatives today.
Our roadmap leverages CIS Critical Security Controls as a foundation for evaluating maturity and identifying areas of focus. Each initiative—called an “effort”— is assessed for its risk reduction impact, resource needs, and feasibility within 3–6-month work cycles. This approach allows us to balance long-term strategic goals with actionable short-term progress.
We prioritize work that meaningfully improves our security posture rather than focusing solely on compliance. Through collaboration between our executive steering committee, program teams, and our enterprise security partners, we ensure that our roadmap remains dynamic, transparent, and aligned with both agency needs and enterprise direction." - Aly Houghton
If you would like to learn more about the DCBS cybersecurity governance structure, roadmap, or the tools, click a button below.
|
|
|
|
|
