Enterprise Architecture Program: Publications, Resources & Toolkit

Security at the Edge: Protecting Mobile Computing Devices Part II: Policies on the Use of Personally Owned Smartphones in State Government

  • 31 March 2010
  • Author: Mike Cooke
  • Number of views: 7370
  • 0 Comments
Security at the Edge: Protecting Mobile Computing Devices  Part II: Policies on the Use of Personally Owned Smartphones in State Government
Due to the pervasive use of personally owned smartphones in the U.S., practical concerns have arisen around state employee requests to use these devices for state business. The potential for security incidents and data breaches is a practical concern that state CIOs and CISOs must address when establishing security standards. While these devices make the work lives of employees less complicated, and perhaps reduce state IT acquisition costs, officials must once again face the classic dilemma of balancing risks and rewards. Policies on the Use of Personally Owned Smartphones in State Government highlights the trend toward states establishing security policies and standards for connecting personally owned smartphones to government networks.

State CIO Top Ten Policy and Technology Priorities for 2010

  • 15 November 2009
  • Author: Mike Cooke
  • Number of views: 10012
  • 0 Comments
State CIO Top Ten Policy and Technology Priorities for 2010
Each year NASCIO conducts a survey of the state CIOs to identify and prioritize the top policy and technology issues facing state government. The CIOs top ten priorities are identified and used as input to NASCIO's programs, planning for conference sessions, and publications.

Resource Guide for State Cyber Security Awareness, Education, and Training Initiatives

  • 16 September 2009
  • Author: Mike Cooke
  • Number of views: 8101
  • 0 Comments
Resource Guide for State Cyber Security Awareness, Education, and Training Initiatives
For the observance of the sixth annual National Cyber Security Awareness Month, NASCIO has created a Resource Guide of examples of state awareness programs and initiatives. The compendium augments previously gathered information with data from a just-completed, short survey of state CISOs. It includes links to state security awareness pages, contact information for state CISOs, and information describing cyber security awareness, training, and education initiatives that target four categories: Executives/Elected Officials; Citizens; State Workers; and IT Security Personnel.

The Resource Guide is a work-in-progress that should provide a valuable reference resource for Cyber Security Awareness Month, as well as the ongoing planning of security awareness and training efforts state programs may undertake thereafter.

Security at the Edge — Protecting Mobile Computing Devices

  • 8 July 2009
  • Author: Mike Cooke
  • Number of views: 20739
  • 0 Comments
Security at the Edge — Protecting Mobile Computing Devices
The business of government is increasingly conducted or supported by mobile computing devices as states adopt these tools to un-tether traditional office workers from their desks or employ them for a wide variety of purposes in the field. Use of mobile devices is so widespread that it is difficult to imagine how state governments can operate without them, given their increased computing power and the ease with which they may be integrated with state networks and databases via the Internet. At the same time, however, mobile devices are unusually vulnerable to loss, theft, mis-use, or misconfiguration, which can and does lead to the loss of sensitive data. Security at the Edge highlights the risks associated with uncontrolled use of mobile devices, and targets the standards and procedural controls that allow state CIOs to better secure them.

Desperately Seeking Security Frameworks – A Roadmap for State CIOs

  • 25 March 2009
  • Author: Mike Cooke
  • Number of views: 20273
  • 0 Comments
Desperately Seeking Security Frameworks – A Roadmap for State CIOs
State CIOs, chief security officers, and the IT security professionals who work with them face a challenging and sometimes confusing array of security frameworks – these may be pushed down by Federal agencies, issued by national or international standards bodies, promoted by industry as best practice, or in some instances, be written into law or federal regulation. Desperately Seeking Security Frameworks provides an overview of the primary security standards, regulations, and laws that impact state IT security programs, highlights how states have used the frameworks to shape their security architectures, policies, standards, and controls, and identifies the key issues for CIOs as they establish and maintain IT security programs.

State CIO Top Ten Policy and Technology Priorities for 2009

  • 3 November 2008
  • Author: Meghan Penning
  • Number of views: 9377
  • 0 Comments
State CIO Top Ten Policy and Technology Priorities for 2009
Each year NASCIO conducts a survey of the state CIOs to identify and prioritize the top policy and technology issues facing state government. The CIOs top ten priorities are identified and used as input to NASCIO's programs, planning for conference sessions, and publications.

Protecting the Realm: Confronting the Realities of State Data at Risk

  • 10 September 2008
  • Author: Mike Cooke
  • Number of views: 8583
  • 0 Comments
Protecting the Realm: Confronting the Realities of State Data at Risk
This brief underlines the criticality of managing states’ digital assets and identifies key, high-level elements for establishing better data security programs within states. The brief covers data ownership and governance issues, recommends grounding data protection efforts in states’ enterprise architecture frameworks, and outlines nine primary elements that a comprehensive data protection program must incorporate or address. It describes data classification frameworks that have been developed in both state and federal agencies, and includes summaries of operational data classification and security initiatives in the states of Ohio, Arkansas, and Iowa.

State CIO Top Ten Policy and Technology Priorities for 2008

  • 5 November 2007
  • Author: Meghan Penning
  • Number of views: 9804
  • 0 Comments
State CIO Top Ten Policy and Technology Priorities for 2008
Each year NASCIO conducts a survey of the state CIOs to identify and prioritize the top policy and technology issues facing state government. The CIOs top ten priorities are identified and used as input to NASCIO's programs, planning for conference sessions, and publications.

IT Security Awareness and Training: Changing the Culture of State Government

  • 22 August 2007
  • Author: Mike Cooke
  • Number of views: 8078
  • 0 Comments
IT Security Awareness and Training: Changing the Culture of State Government
Most state government employees use technology to do their daily work, yet they may not realize the dramatic consequences that can flow from one mistake. As data breaches and security incidents that originate from within state government appear to be on the rise, cultural change is needed. All state employees need to understand that IT security is everyone’s job and understand how to use the state’s IT resources in a way that does not create the risk of a security incident. NASCIO’s Research Brief, "IT Security Awareness and Training: Changing the Culture of State Government" , highlights awareness and training activities that State CIOs can implement to avoid internal threats that can lead to a full-on state government crisis. To assist CIOs in pursuing these efforts, this brief includes many examples of awareness and training activities that are currently taking place with the states. This brief is a product of NASCIO’s Information Security and Privacy Committee.

Insider Security Threats: State CIOs Take Action Now!

  • 18 April 2007
  • Author: Mike Cooke
  • Number of views: 8388
  • 0 Comments
Insider Security Threats: State CIOs Take Action Now!
This brief examines the often overlooked threats from within. Media attention has focused primarily on external threats with federal government and industry reports revealing alarming hacking and identity theft statistics. However, threats from within both public and private sector organizations may be even more prevalent than external threats and can have equally if not more serious consequences.
RSS
12345678

About The Enterprise Architecture Program

The NASCIO Enterprise Architecture program was developed to enable the mission of state and local government. Government must continually reinvent itself to remain relevant by effectively and efficiently providing services to the citizens of this country. The path to this continual transformation must embrace leadership, management, coordination, communication and technology throughout government. Enterprise architecture is the discipline to appropriately define and leverage these capabilities within the complexities of government.

Funding to support the NASCIO EA Program and information sharing initiative is provided by a grant from the U.S. Department of Justice, the Bureau of Justice Assistance, Office of Justice Programs.

Enterprise Architecture Development Tool-Kit v3.0

October 2004

The enhancements in the third version of the Tool-Kit result from the expertise and continued dedication of enterprise architecture practitioners from all levels of government and the private sector. Version 3.0 incorporates an updated governance architecture framework with added roles and responsibilities and a focus on multi-level communication. Process models with explanatory narrative are included for governance and the architecture lifecycle. The Tool-Kit also includes fully populated security domain and application domain blueprints.