Return to Homepage


Home   |   Site Map   |   Privacy   |   Contact Us   |   RSS YouTube Twitter Linked In Facebook NASCIO Community
Email This Page     |     Print This Page     |    
Comments?     |     Share This Link

AWARDS & RECOGNITION

2003 Awards: Security and Business Continuity


RECIPIENT:
Michigan
Secure Michigan Initiative Project

First row (left to right): Charlotte Allen, Elaine Brandon, Brenda Fantroy, Chris Karr, Carol Myrick
Second row (left to right): Trent Carpenter, Brent Ericks, Dan Lohrmann, Neil Slagle, Joel Weever
In May 2002, the new Chief Information Security Officer (CISO) was charged with assessing the risks, threats, and vulnerabilities of state computer systems and recommending a new security framework and strategic plan. The Secure Michigan Initiative is the culmination of this effort. It offers other states a unique model of work plans, processes that include stakeholders and customers, and templates with an enterprise-wide perspective of the security processes.

There were five major phases to the Secure Michigan Initiative project: 1)"As Is" rapid risk assessment security study, 2) "To Be" security framework analysis using the recommended best practices from federal and state government and recognized leaders in the security arena, 3) "Gap" analysis using the results of the "As Is" study compared to the results of the "To Be" study defined the "gap" between the State's current security and where State's security needed to be, 4) development of the Secure Michigan Initiative document detailing the vulnerabilities identified in the risk assessment and the recommended solutions from the gap analysis to address the security risks, and 5) strategic plans for the implementation process of key recommendations from the Secure Michigan Initiative document.

"I'm pleased that NASCIO has recognized Michigan as a leader in cyber security. The work being done through our Secure Michigan Initiative will serve as a model for the rest of the nation. Ensuring the integrity and security of our state's computer systems, and the personal information of our citizens, is something I strongly believe in and I'm proud that NASCIO has selected us for this prestigious award."
Governor Jennifer Granholm, State of Michigan
An enterprise-wide rapid risk assessment was conducted by Information Technology (IT) security personnel from eleven different state government organizations who were led by the CISO. The primary purpose of the risk assessment was to determine the highest risk issues in relation to the security of the State of Michigan's IT infrastructure, policies, procedures, and applications/systems. The goal was to develop a risk analysis to administer to every agency within state government based upon State of Michigan requirements, federal guidelines, and IT industry best practices. Recommended practices from Giga, Gartner, Meta, the federal government and other state government best practices were considered.

The document entitled "The Secure Michigan Initiative" provided specific recommendations to improve security within each of the focus areas giving a three-tiered option for risk mitigation. The recommended projects support gubernatorial goals and priorities to improve the security, privacy, operational reliability, and accuracy of State of Michigan government processes.

OTHER NOMINATIONS:
Click on the link to download program submission.

Florida
Enterprise Information Security

Idaho
Security and Notification Project

Missouri
CyberSecurity Committee of the Missouri Homeland Security Council

North Carolina
Information Security Remediation

Tennessee
The Tennessee Focus on Continuity and Recovery

Virginia
Web-Based Security Awareness Training

Washington
Washington Computer Incident Response Center (WACIRC)

Return to 2003 Awards Main Page

.

NASCIO Awards Archive Cloud Computing Series New Members - Click Here