The Information Security (InfoSec) program helps protect against potential information technology (IT) threats and vulnerabilities. The program reports directly to the Secretary of MDH with a primary focus of protecting MDH's ability to continually provide secured mission-critical operations. Through personnel, policies, procedures, and standards, InfoSec helps ensure the availability of organizational information, confidentiality, integrity, and compliance with HIPAA, CMS, DoIT Security Manual, and Federal and State mandates.

The InfoSec Program is a risk-based program that gathers metrics to arrange phased continuous improvement processes for information security across the MDH organization. InfoSec employs three main strategies to protect the confidentiality, integrity, & availability (CIA) of MDH data:

• Governance, Strategy, and Guidance
• Testing and Assessment
  
• Monitoring and Detection
  

​