Maine.gov Security

by Kimberly Duplisea, InforME

Internet hacking has become commonplace and the risk of security breaches has increased significantly in the last few years; however, InforME has never experienced a security breach. Maine State Government and InforME take Internet security seriously. To that end, InforME takes strict measures to ensure that transactions completed through InforME/Maine.gov are safe, private and secure, and that the data stored on InforME’s servers remains secure. InforME’s security policies and practices are regularly audited at several levels to ensure that they comply with security standards set by CyberTrust, the Payment Card Industry (PCI/DSS), and the Sarbanes-Oxley Act.

CyberTrust, the gold standard of global Internet Security firms for the past fifteen years, investigates all aspects of a company’s operations including staff, the physical structure of the office, security policies, employee policies, and the electronic network, application code, and databases. Starting in the fall of 2006, Maine Information Network (MIN), the private network manager for InforME, began the rigorous application process for CyberTrust certification. Following a year of research, audits and implementation, MIN was awarded this prestigious certification in 2007. To remain compliant, CyberTrust will continue to evaluate MIN and the InforME network on a regular basis.

The Payment Card Industry’s Security Standards Council is a group of independent representatives focused on the development, enhancement and implementation of security standards related to credit card account information. The Data Security Standards is a list of best practices businesses must adhere to when processing credit card data. Visa and MasterCard require that companies prove compliance with DSS in order to continue to process their credit cards. Like CyberTrust, the Payment Card Industry’s Data Security Standards (PCI/DSS) focus on the maintenance of secure network architecture for those databases, servers, and application code used in Maine.gov credit card transactions. InforME’s compliance is evaluated through regular audits by the credit card industry, MIN, and its parent company, NIC.

MIN is a subsidiary of a publicly-held national corporation, NIC, which operates e-government portals in 21 states. All publicly traded companies are subject to the federal Sarbanes-Oxley Act. As a result of the Enron, Tyco, and WorldCom scandals, the federal government enacted the Sarbanes-Oxley Act (2002) to protect shareholders. This Act focuses on the security and accuracy of financial information provided by publicly traded companies, enhanced reporting of such financial data and corporate fraud accountability. Since its enactment, MIN and NIC have met all requirements of this Act to ensure the security of those stockholders invested in the company. Compliance with Sarbanes-Oxley is monitored closely by NIC and evaluated on an annual basis.

Through this triumvirate of third-party security standards and audits (Sarbanes-Oxley, PCI/DSS and CyberTrust) coupled with the internal audits performed by InforME staff, the security of information passed through Maine.gov will remain safe, private and secure. In this digital age, threats addressed one day are replaced with new threats the next; it is because of this that InforME is continually evolving security policies to proactively address Internet security.