​​CyberSecurity

The Security Services team provides State agencies with a common statewide strategy for secure, effective, and technically sound use of the State's information technology resources. The team is responsible for the establishment of Security Policies, Security Guidance, Security Awareness, and is a source of IT security information for State agencies.

Additional security resources can be found on the Department of IT's Security Services​ page.

Security Awareness Training

Service

 

Description:

The Maryland Department of Information Technology (DoIT) offers Security Awareness Training through Infosec Institute INFOSEC IQ. This training is specifically related to SB 553 (CH0467), State Government - Security Training - Protection of Security-Sensitive Data.

Features and Benefits

Training Content Library include but are not limited to:

  • Malware & Phishing
  • Social Engineering
  • Privacy & PII
  • Mobile Security
  • Password Security
  • Compliance
  • Physical Security & Hardware
  • Secure Applications Development
  • Web-Based Threats
  • Privacy & Data Protection
  • Personal Security
  • Advanced Cybersecurity & Risk Management
  • Network Security
  • GDRP
  • HIPPA
  • Cloud Security
  • Administrative Modules
  • Additional Training modules are available
  • Email Phishing Campaign

Department. Owner:

Security Services


Service Owner:

Derek Wheeler

derek.wheeler@maryland.gov

(410) 697-9396 Office


Support Contact:

DoIT Service Desk

service.desk@maryland.gov

(410) 697-9700  


Status:

Currently offered

Ellible Customers

 
Enterprise State of MD Agencies Yes
Standalone (non-Enterprise) State of MD Agencies Yes
Counties (waiting to hear from procurement) No
Local Municipalities (waiting to hear from procurement) No
Public No

Notes:
DoIT has an established Infosec contract from which country and local partners can purchase Infosec software, maintenance and support. Please visit the DoIT website under Procurement & Contracts for details.

​​

Service Prerequisites

 

Before service can be offered the client must meet the following requirements:

DoIT Provided Services: None
Technical: State of MD Agencies must provide CSV file for all employees required to participate in the INFOSEC IQ Security Awareness Training to DOIT Security Services
Non-Technical: State of MD Agencies are required to submit a Security Awareness Training Plan identifying Agency assigned Security Awareness Managers to the DOIT Security Services

Notes:

​Each State of MD Agency is required to submit a CSV File. The CSV File should include all employees and contractors information to include first name, last name, email address and Group/Agency before the INFOSEC IQ Security Awareness Training can be configured.

Scope of Service

 

This section outlines the area of responsibility between the provider (DoIT) and the customer.

In Scope:

  • Agency Managers are required to maintain employee information to include additions, deletions and changes in employment.DOIT will manage and maintain the INFOSEC IQ platform as it relates to the State of Maryland.

Out of Scope:

  • Significant customizations that are not covered by the current contract.
  • Onsite training

Customer Responsibility

 

Notes:


Each Agency is required to assign a Security Awareness Training manager for the agency.  The Agency Security Awareness Manager is required to maintain updated employee information to include employee additions, deletions and changes in employment status.

Service Level Agreements

 
Availability:
Vendor Dependent
Capacity:
56,000 Licenses
Service Hours: Training is available 24 hrs a day
Maintenance Scheduled:
    Vendor Dependent
    Upgrades and Refreshes:
    Vendor Dependent
      ​​