CyberSecurity

Background, Purpose, and Authority

In response to ever-increasing complexity and numbers of cybersecurity threats, the Arizona Judicial Council (AJC) has approved a set of minimum security standards to be adhered to across all courts.  ACJA 1-503(D) also gives the courts' chief information officer the responsibility to administer, protect, monitor, and provide equitable access to the Arizona Judicial Information Network (AJIN).

COT voted in its June 3, 2016 annual meeting to inaugurate a dedicated CyberSecurity Subcommittee to provide governance, oversight, and specific policy guidance over information and network security, not only for AJIN but for networks that connect to AJIN and all technology resources used to conduct the business of the courts. Though not providing a rapid response function, the subcommittee will evaluate response actions taken by network and application owners during security events to ensure the appropriate balance is maintained between necessary protections and adequate electronic access to court resources. An important initial task of the committee will be to evaluate requests for additional time to implement minimum security standards as returned in gap analyses.  

Membership includes representation for public stakeholders, court administration, clerks, judges, AOC, and the courts' CIO. Appointments are made by the COT chair.

Charter

• Recommendations to enhance the security posture of the courts in response to evolving risks
• Refinement of existing security policies applicable to all courts
• Enhancement of the minimum security standards set, as necessary
• Review of significant incidents, remediation steps, and lessons learned from cyber-security-related adverse events
• Providing a macro-level assessment of the overall security standing of the courts
• Based on twice-per-year scans required in Minimum Standard 4.14
• Reported to COT annually
• Review of and response to individual court and network security audit findings, including contested findings and exceptions
• Review of and response to documented gaps and remediation plans to AJC-approved security standards in individual courts

Nature of Subject Matter

The subcommittee is not a public council as defined in ACJA 1-202. Supreme Court Rule 123(e)(4) closes by default  "All security plans, codes and other records that provide for the security of information, individuals, or property in the possession or custody of the courts against theft, tampering, improper use, illegal releases, trespass, or physical abuse or violence."  As such, the subject matter of the subcommittee shall be closed with the exception of reports made to COT in public session.  Even then, specific details about court security protections or any deficiency at a specific court or courts will be handled in executive session per ACJA 1-202(C)(5)(e).