Maryland - Gaylord National Harbor, May 5-8, 2019
Nashville, TN - JW Marriott , October 13-16, 2019
This study reports findings and analysis of a comprehensive survey of State Chief Information Security Officers (CISOs) conducted by NASCIO in partnership with Deloitte. The results of the 2014 Deloitte-NASCIO Cybersecurity Study confirm the growing importance of cybersecurity for states. The following key themes emerged from our analysis:
Maturing role of the CISO: State CISO role continues to gain legitimacy in authority and reporting relationships. The responsibilities of the position are becoming more consistent across states, yet expanding.
Continuing budget-strategy disconnect: The improving economy and states’ growing commitment to cybersecurity have led to an increase – albeit small, in budgets. CISOs have also been successful at tapping supplemental resources, whether from other state agencies, federal funding, or various agency and business leaders. Nevertheless, budgets are still not sufficient to fully implement effective cybersecurity programs – it continues to be the top barrier for CISOs according to the survey results.
Cyber complexity challenge: State information systems house a wide range of sensitive citizen data, making them especially attractive targets for cyber-attacks. CISOs are concerned about the intensity, volume and complexity of cyber threats that run the gamut from malicious code to zero-day attacks.
Talent crisis: The skill sets needed for effective cybersecurity protection and monitoring are in heavy demand across all sectors. State CISOs are struggling to recruit and retain people with the right skills, and they will need to establish career growth paths and find creative ways to build their cybersecurity teams.
The NASCIO Enterprise Architecture program was developed to enable the mission of state and local government. Government must continually reinvent itself to remain relevant by effectively and efficiently providing services to the citizens of this country. The path to this continual transformation must embrace leadership, management, coordination, communication and technology throughout government. Enterprise architecture is the discipline to appropriately define and leverage these capabilities within the complexities of government.
Funding to support the NASCIO EA Program and information sharing initiative is provided by a grant from the U.S. Department of Justice, the Bureau of Justice Assistance, Office of Justice Programs.
The enhancements in the third version of the Tool-Kit result from the expertise and continued dedication of enterprise architecture practitioners from all levels of government and the private sector. Version 3.0 incorporates an updated governance architecture framework with added roles and responsibilities and a focus on multi-level communication. Process models with explanatory narrative are included for governance and the architecture lifecycle. The Tool-Kit also includes fully populated security domain and application domain blueprints.