INFORMATION SECURITY

​​​Information security in the Office of the Chief Information Officer (OCIO) is one of strategy, governance, oversight and management of information technology risks focused at the County level, not one of providing information security operations. Under the direction of the Chief Information Security Officer (CISO) Departmental Information Security Officers (DISOs) perform the same functions at the department level through information security governance. The distributed environment within LA County places authority and responsibility for information security operations within the 37 individual departments.

OCIO Cybersecurity Tips

Information Security Vision, Philosophy & Mission

Vision

Establish Los Angeles County as a model and national leader in the protection of information assets.

Philosophy

Ensure a high degree of information security and privacy in the daily activities of Los Angeles County departments, agencies, commissions, workforce members and partners (private and public) while supporting their business operations.

Mission


Promote and facilitate effective information security and privacy.

Information Security Guiding Principles

Guiding principles serve as our highest-level guidance to ensure decisions best support business direction. They are primarily used as a metric to gauge organizational progress over time on how decisions are increasingly aligned with business direction, assist in proactively making decisions to more efficiently deliver results and factors in deciding between proposed design options, proposed standards, vendor and product selection, go-no-go decisions, and others.

The Risk Management Principle

Risk cannot be eliminated; therefore, risk tolerance should be matched to the potential benefits of implementing controls. Risk should be identified and assessed early and mitigation taken where possible.

The Educated Workforce Principle

Employees should understand information security threats, risks and how their actions can impact the protection of the information with which they interact.

The Policy Driven Principle

Security policies and standards will be implemented consistently across all systems, Departments, agencies and commissions.

The Defense-in-Depth Principle

Use multiple layers of security controls whenever possible.

The Least Privileges Principle

Only allow access to what is needed to do the job.

The Separation of Duties Principle

A single person or work unit should not be responsible for an entire process (end-to-end) when there is a risk of loss.

The Timeliness Principle

Coordinated response to incidents involving threats to information assets should receive priority over other activities.

The Accountability Principle

Information security accountability and responsibility must be clearly defined as part of a security management structure and be acknowledged by management and staff.

The Confirm Compliance Principle

Compliance internal and external expectations will be evaluated regularly.

Who We Are

Jeff Aguilar
Chief Information Security Officer

Chris Paltao
Deputy Chief Information Security Officer

James Thurmond
Deputy Chief Information Security Officer

David Cicero
DISO as a Service

Vacant
Deputy Chief Information Security Officer

View Job Opportunities
Skip to content