Office of Information Security (OIS)


The Office of Information Security (OIS) is the single state source for cybersecurity readiness and awareness

Our Mission

The mission of OIS is to provide leadership in the development, delivery and maintenance of an information security program by safeguarding the state's information assets against unauthorized use, disclosure, modification, damage or loss to support Colorado’s mission to provide secure and sustainable services.

OIS is directly aligned with the goals and objectives of the National Strategy to Secure Cyberspace. Working closely with federal, state, local and private sector partners, the Office of Information Security actively gathers and analyzes information on cyber threats and vulnerabilities that present risk to the state's information systems or the critical information managed within.

Security Management: The OIS Security Management is responsible for security risk management across state departments. This group manages State Information Security Policies, Security Standards, onsets with agencies on technical matters, and manages enterprise projects to meet security requirements.

Compliance Program: The OIS Compliance Program has oversight of applicable regulatory compliance to include compliance with federal and state laws, regulations, and Colorado Information Security Policy.

Application Security Program: The OIS Application Security Program is responsible for the creation of secure coding best practices to protect Colorado's information systems and mission critical applications.

Our Leadership

Deborah Blyth, the State of Colorado's Chief Information Security Officer (CISO) is responsible for leading OIS and the enterprise-wide Colorado Information Security Program (CISP) that includes governance, risk, compliance and risk management. Read more about Debbi here»

Our Vision and Guiding Principles

The vision of OIS is to be a leader in preserving the confidentiality, integrity, and availability of state and citizen data while maintaining efficient and effective IT operations for the State of Colorado. At all times, this effort will embrace the following security principles:

  • Confidentiality: Assurance that information is shared only among authorized persons or organizations.
  • Integrity: Assurance that the information is authentic and complete and can be relied upon to be sufficiently accurate for its purpose.
  • Availability: Assurance that the systems responsible for delivering, storing and processing information are accessible when needed, by those who need them.