Securing Oklahoma's Digital Frontier

Fortifying Data Integrity, Privacy, and Accessibility for the State’s Centralized Cloud Initiative
Scope: Targeting Oklahoma's Cloud Transformation
This project began as a comprehensive security strategy for Oklahoma’s entire digital ecosystem. However, after drafting 65 pages of objectives, I recognized the need for a more focused approach. I pivoted to OMES’s Centralized Cloud Initiative—a project already underway that serves as a microcosm of broader security needs, touching all 189 state agencies.

By aligning directly with OMES’s cloud centralization, this strategy aims to deliver immediate value. I submitted the completed document to OMES as a potential blueprint for addressing their current challenges, hoping it could move from a case study to a real-world solution. Whether adopted or not, this strategy underscores how targeted, adaptable planning can bridge the gap between vision and implementation.
Approach: Research-Driven Framework Design
To ensure this strategy was grounded in the most current insights, I began by reviewing the latest editions of the Journal of Cybersecurity and Information Management and the Journal of Business Research. These sources provided valuable perspectives on effective security frameworks specifically tailored for cloud environments.

From these insights, I crafted a Governance Framework that merges best practices from ISO 27001, ISO 31000, NIST 800-53, and ITIL 4, optimizing it to meet the unique demands of OMES’s Centralized Cloud Initiative. This framework is not only built on rigorous research but is also directly aligned with OMES’s described objectives for cloud centralization, providing a structured, adaptable approach designed to enhance both security and compliance.
Explore the full Governance Framework for a detailed look at the modular structure and compliance standards underpinning this strategy.
Policies & Procedures: Enhancing OMES Standards for Cloud Security
My proposed strategy builds upon OMES’s foundational policies, introducing updates that bring these standards in line with the demands of a modern cloud environment. Here’s a closer look at some key enhancements:
Dive into the complete Policies & Procedures to see how this strategy aligns with and enhances OMES’s security standards.
Implementation Roadmap: Strategic Phases for Cloud Security Success
This roadmap follows a phased approach, prioritizing each step based on risk assessment to deliver the highest impact for OMES’s centralized cloud initiative.
Take a closer look at the phased Implementation Roadmap designed to prioritize risk and ensure seamless integration.
Anticipated Impact:
Projecting the Value of Enhanced Security
  • 40%
    1. Faster Incident Response Times
    • Projection: Up to 40% reduction in Incident Response Time
    • Rationale: With proactive risk assessment tools like Splunk ES and Palo Alto, the strategy is poised to enable faster threat detection and streamlined response, minimizing potential damage from security incidents.
  • 100%
    2. Regulatory Compliance Confidence
    • Projection: Full Compliance with HIPAA, FERPA, and CJIS Standards
    • Rationale: By integrating ISO 27001 and NIST standards, this strategy is built to support complete adherence to regulatory requirements, safeguarding citizen data with structured compliance at all levels.
  • 99%
    3. Increased Service Reliability
    • Projection: Targeted 99.99% Service Uptime
    • Rationale: Continuous monitoring and cloud-specific controls aim to enhance service availability and resilience, positioning Oklahoma’s digital infrastructure for reliable operation even under challenging conditions.
  • 90%
    4. Enhanced Security Culture
    • Projection: Anticipated 90% Security Training Completion Rate
    • Rationale: The strategy includes regular security training, which is expected to raise security awareness and preparedness among state employees, fostering a security-conscious organizational culture.