Maryland - Gaylord National Harbor, May 5-7, 2019
Nashville, TN - JW Marriott , October 13-16, 2019
For the 2013 observance of National Cyber Security Awareness Month, NASCIO has updated its Resource Guide for State Cybersecurity Awareness, Education, and Training Initiatives. The guide includes new information from our state members, who provided examples of state awareness programs and initiatives. This is an additional resource of best-practice information, together with an interactive state map to allow users to drilldown to the actual resources that states have developed or are using to promote cyber awareness. It includes contact information for the CISO, hyperlinks to state security and security awareness pages, and information describing cybersecurity awareness, training, and education initiatives.
The Resource Guide is a work-in-progress that should provide a valuable reference resource for Cyber Security Awareness Month, as well as the ongoing planning of security awareness and training efforts state programs may undertake thereafter.
The NASCIO Procurement Modernization Committee, in partnership with TechAmerica and the National Association of State Procurement Officials, continues to focus on state IT procurement reforms and highlight best practices at the state level. This brief is the third in a series of recommendations set forth by this collaborative. The purpose of the brief is to highlight some of the strategies used to first identify, then to avoid, transfer, mitigate, and ultimately accept the risks associated with the procurement of IT products or services. Although not all risks can be identified, the goal should be to understand how much risk is associated with a specific IT procurement and what tools, processes, benchmarks, and methodologies are available to uniquely address IT procurement risks.
Commonwealth of Virginia’s EIA Strategy and NIEM Integration Plan
The Commonwealth of Virginia has completed an eight-month strategic planning process to develop an Enterprise Information Architecture (EIA) strategy. A central element of the EIA strategy involves building exchanges for “citizen-centric” data that conform with the National Information Exchange Model (NIEM).
Virginia’s NIEM integration plan will enable the state government to comply with new statutory requirements for standardizing Person data and promote enhanced capabilities for business-driven information exchanges.
This webinar will provide insight on Virginia’s emerging EIA strategy and NIEM integration planning. The primary focus will be on Virginia’s EIA strategic plan and successful implementation of the NIEM Engagement Process.
Cross-jurisdictional collaboratives are on the rise. As the number of such collaboratives increases, there are essential ingredients for framing and sustaining successful and even exceptional collaborative arrangements that deliver real outcomes. As NASCIO reviewed successful collaboratives, proper governance continually surfaced as one of those essential ingredients for effective sharing of government information and services and effective employment of technology across two or more enterprises. This issue brief presents examples of effective governance and describes what constitutes effective governance.
The Healthcare Information and Management Systems Society (HIMSS) and National Association of State Chief Information Officers (NASCIO) formed a collaboration to determine how the State Chief Information Officer (CIO) views the current health information technology landscape. Specific areas of focus for this study included Medicaid Management Information Systems (MMIS), Medicaid Eligibility Systems, Data Governance and Identity Management, State Level Health Information Exchanges, Shared Services and Collaborations. This study combined HIMSS' expertise in health information technology and information exchange with NASCIO's expertise representing state CIOs and information technology executives from the states, territories and the District of Columbia. The results of this collaborative survey will serve those seeking to understand the current environment of State healthcare technology initiatives ranging from governance models to data exchange activities. This analysis will also facilitate understanding of the intersection of the state CIO's role with state health information technology (HIT) projects. This collaboration represents one of the first holistic analyses focused on the state CIO perspective of State HIT projects.
The issue brief focuses on state use of social media, specifically on state social media participation policies ("SMPP's"). NASCIO's Legal Advisory Working Group took a look at 31 SMPPs, which focus specifically on guidance/policy given to state employees regarding their participation in social media.
States have come a long way in the past few years, with the majority implementing social media policies or working towards one. However, some of the gaps found have the potential to open up states to some severe heartburn: including employee discontent, management concerns, public perception and liability.
The issue brief also addresses the inclusion of clauses on confidentiality, ethical conduct, security and privacy, and transparency in SMPP's.
Three important findings have combined to motivate this topic:
Combined these three findings require a new look at these roles. This webinar will explore the role of a Chief Data Officer (CDO) as a function needed by organizations (especially state governments). While we don't yet have all the answers, we can at least lay out three necessary but insufficient prerequisites to making progress faster than we have achieved to date.
Cloud-based file sharing solutions have become very popular and certainly a growing and significant part of day-to-day computing. It is easy to see why these services are attractive to state government users after using them in many facets of their personal life. With a wide variety of choices in the market, these solutions are easy to access, configure and use. They support multiple devices (especially mobile), and data in multiple formats. The most important consideration for state employee users – these file sharing services are free. Since the release of the 2012 NASCIO and Deloitte Cybersecurity Study, more security and policy questions have been raised on the use of free cloud services by states. In addition to the May 2012 Capitals in the Clouds IV guidance on rogue cloud users, states have continued to seek out leading practices on how to put the proper controls in place, meet security standards, craft acceptable use policies, and identify the open records and legal concerns regarding terms of service. This brief helps to provide real experience from Commonwealth of Pennsylvania on free cloud services.
This presentation outlines the four pillars of a Holistic Enterprise Architecture: architectural models, framework, methodology, and implementation/solution models. It also explains the business and technology gains, and demystifies the practice of implementing a successful Holistic Enterprise Architecture.
NASCIO's 2004 publication NASCIO on Unlimited Liability - Gaining Traction on the Road to "Win-Win" recommended changes to the state IT procurement policy regarding limitations on liability, and research from 2010 and 2012 show subtle changes have occurred in the states. This infographic indicates which states have limitations on liability in statute, which states have none, and which states are able to negotiate limitations on a case by case basis, and compares the current situation to previous NASCIO research.