For us it's someone in IT, in this case me. Generally speaking, you make sure
that the security policies are being followed.
Here is what the CJIS Security Policy says about the LASO
3.2.9 Local Agency Security Officer (LASO)
Each LASO shall:
1. Identify who is using the CSA approved hardware, software, and firmware and
ensure no unauthorized individuals or processes have access to the same.
2. Identify and document how the equipment is connected to the state system.
3. Ensure that personnel security screening procedures are being followed as
stated in this Policy.
4. Ensure the approved and appropriate security measures are in place and
working as expected.
5. Support policy compliance and ensure the CSA ISO is promptly informed of
security incidents.
Brian Miles | IT Manager, City of Woodburn
270 Montgomery St | Woodburn, OR 97071
brian.miles@xxxxxxxxxxxxxxxxx<mailto:brian.miles@xxxxxxxxxxxxxxxxx>
www.woodburn-or.gov<http://www.woodburn-or.gov/>
p: 503-982-5399 | m: 503-710-1370
[cid:image001.png@01DA7C3E.349FDEC0]
From: oagitm-bounce@xxxxxxxxxxxxx <oagitm-bounce@xxxxxxxxxxxxx> On Behalf Of
Tania Mahood
Sent: Friday, March 22, 2024 9:34 AM
To: oagitm@xxxxxxxxxxxxx
Subject: [oagitm] LASO question
**** This email is from an EXTERNAL sender. Exercise caution when opening
attachments or click links from unknown senders or unexpected email. ****
Hi everyone,
For those of you that have organizations that work with CJIS data, I was
wondering who (what position) is appointed as your LASO for your organization,
is it in IT or elsewhere? What roles/responsibilities do they oversee as the
LASO?
Thanks!
Tania Mahood | IT Director/CTO
DESCHUTES COUNTY IT
She/Her/Hers
14 NW Kearney Ave. | Bend, Oregon 97703
Tel: (541) 330-8249 | M: (541) 668-7643
PUBLIC RECORDS LAW DISCLOSURE This e-mail is a public record of the City of
Woodburn and is subject to public disclosure unless exempt from disclosure
under Oregon Public Records Law. This e-mail is subject to the State Retention
Schedule.