Enterprise Architecture Program: Publications, Resources & Toolkit

2016 Deloitte-NASCIO Cybersecurity Study - State Governments at Risk: Turning Strategy and Awareness into Progress

  • September 2016
  • Number of views: 53381
2016 Deloitte-NASCIO Cybersecurity Study - State Governments at Risk: Turning Strategy and Awareness into Progress

This study reports findings and analysis of a comprehensive survey of State Chief Information Security Officers (CISOs) conducted by NASCIO in partnership with Deloitte. The results of the 2016 Deloitte-NASCIO Cybersecurity Study highlights the fact that challenges still exist, but cybersecurity is becoming part of the fabric of government operations.

The following key themes emerged from our analysis:

  • Governor-level awareness is on the rise. The survey results indicate that governors and other state officials are receiving more frequent updates from CIOs/CISOs. Despite an increase of reporting, a confidence gap still exists between IT and the business, emphasizing the need for better communication of cyber risks.
  • Cybersecurity is becoming part of the fabric of government operations. The state government CISO role has become more consistent in terms of functions and responsibilities. Top three cybersecurity initiatives in 2016 include training and awareness, monitoring/security operations centers (SOC), and strategy.
  • A formal strategy and better communications lead to greater command of resources. States taking a proactive approach to strategy setting and communication are more likely to see improvements in funding and access to talent. Survey shows 16 out of 33 states with an approved strategy reported they had an increase in budget.
  • There is a need to rethink talent strategies. The nature of what states have to offer workers has changed. States are pointing to job stability and the opportunity to “give back and make an impact” as compelling reasons to gravitate towards state employment. These—along with a rich training and development program – are becoming the basis for a campaign to recruit millennial talent.

NASCIO staff contact: Meredith Ward, Senior Policy Analyst ([email protected])




About The Enterprise Architecture Program

The NASCIO Enterprise Architecture program was developed to enable the mission of state and local government. Government must continually reinvent itself to remain relevant by effectively and efficiently providing services to the citizens of this country. The path to this continual transformation must embrace leadership, management, coordination, communication and technology throughout government. Enterprise architecture is the discipline to appropriately define and leverage these capabilities within the complexities of government.

Funding to support the NASCIO EA Program and information sharing initiative is provided by a grant from the U.S. Department of Justice, the Bureau of Justice Assistance, Office of Justice Programs.

Enterprise Architecture Development Tool-Kit v3.0

October 2004

The enhancements in the third version of the Tool-Kit result from the expertise and continued dedication of enterprise architecture practitioners from all levels of government and the private sector. Version 3.0 incorporates an updated governance architecture framework with added roles and responsibilities and a focus on multi-level communication. Process models with explanatory narrative are included for governance and the architecture lifecycle. The Tool-Kit also includes fully populated security domain and application domain blueprints.