Colorado Voter Group

The Colorado Voter Group is a private entity working to improve Colorado's election system.
Home     State Oversight     November 2008     County Oversight     Election Oversight     Election System     CAMBER      

From: Al Kolwicz [mailto:alkolwicz@qwest.net]
Sent: Thursday, October 04, 2007 5:02 PM
To: 'Welling, Craig'
Cc: 'Conley, John'; Colorado Voter Group (ColoradoVoter@googlegroups.com)
Subject: RE: CORA Response

Dear Craig,

Thank you very much for your help.

  1. Is it correct to assume that the October 1 letter refers to the 19 security policies at http://www.colorado.gov/cs/Satellite?c=Page&childpagename=Cyber%2FCISOLayout&cid=1167928186414&p=1167928186414&pagename=CISOWrapper  

    2. Will you please forward a copy of the SOS Plan of Action and Milestones referred to in the conditional approval letter? We believe that the POAM is not covered by the CORA exclusion for Information Security Plans (C.R.S. 24-72-202(6)(b)(X) (X) The information security plan of a public agency developed pursuant to section 24-37.5-404 or of the department of higher education or an institution of higher education developed pursuant to section 24-37.5-404.5;).

    3. Is it the opinion of the CISO that compliance with the 19 policies is sufficient to detect, report, defend, and recover from all security threats to the Colorado Election System including manufacturer embedded defects/malware and human error?


Since the SOS is currently operating without an approved Agency Cyber Security Plan, we are concerned that this may unnecessarily expose the SCORE II materials to contamination.

Again, thank you for your help.

Al


Al Kolwicz
Colorado Voter Group
2867 Tincup Circle
Boulder, CO 80305
303-494-1540
AlKolwicz@qwest.net
www.AlKolwicz.net
www.coloradovotergroup.blogspot.com