Nashville, TN - JW Marriott , October 13-16, 2019
Maryland, MD - Gaylord National Harbor, May 3-6, 2020
In recognition of the importance of governance in addressing cyber risks, the U.S. Department of Homeland Security (DHS) partnered with the National Association of State Chief Information Officers (NASCIO) to develop a report and series of case studies exploring how states govern cybersecurity. The report and case studies explore how Georgia, Michigan, New Jersey, Virginia and Washington use cross-enterprise governance mechanisms (i.e., laws, policies, structures, and processes) across strategy and planning, budget and acquisition, risk identification and mitigation, incident response, information sharing, and workforce and education. The purpose of the report and case studies is to offer concepts and approaches to other states and organizations who face similar challenges. The report summarizes the case studies and identifies common trends in how cybersecurity governance is addressed across the five states, with supporting examples from each state.
The NASCIO Enterprise Architecture program was developed to enable the mission of state and local government. Government must continually reinvent itself to remain relevant by effectively and efficiently providing services to the citizens of this country. The path to this continual transformation must embrace leadership, management, coordination, communication and technology throughout government. Enterprise architecture is the discipline to appropriately define and leverage these capabilities within the complexities of government.
Funding to support the NASCIO EA Program and information sharing initiative is provided by a grant from the U.S. Department of Justice, the Bureau of Justice Assistance, Office of Justice Programs.
The enhancements in the third version of the Tool-Kit result from the expertise and continued dedication of enterprise architecture practitioners from all levels of government and the private sector. Version 3.0 incorporates an updated governance architecture framework with added roles and responsibilities and a focus on multi-level communication. Process models with explanatory narrative are included for governance and the architecture lifecycle. The Tool-Kit also includes fully populated security domain and application domain blueprints.