Baltimore, Maryland Baltimore Hilton, April 22-24, 2018
San Diego, CA Hilton San Diego Bayfront, October 21-24, 2018
This study reports findings and analysis of a comprehensive survey of State Chief Information Security Officers conducted by NASCIO in partnership with Deloitte in July and August of 2012. Both a repeat and extension of a Deloitte-NASCIO survey originally conducted in 2010, it documents the relative strengths and weaknesses of the security programs that protect state governments' vital systems and data. The study identifies areas of concern expressed by state CISOs, and provides a call to action for state CIOs and policy officials on the critical need to support and enhance cybersecurity programs.
For the 2012 observance of National Cyber Security Awareness Month, NASCIO has updated its Resource Guide for State Cyber Security Awareness, Education, and Training Initiatives. The guide includes new information from our state members, who provided examples of state awareness programs and initiatives. This is an additional resource of best-practice information, together with an interactive state map to allow users to drilldown to the actual resources that states have developed or are using to promote cyber awareness. It includes contact information for the CISO, hyperlinks to state security and security awareness pages, and information describing cyber security awareness, training, and education initiatives.
This brief presents an emphasis on the cultural and organizational aspects of cloud computing. "Cloud services" imply shared services. When agencies come together to share such a resource there will necessarily have to be an evaluation of the variance in security policies in place in the various partner agencies. Engaging external cloud services can be quite risky if such services have not been properly vetted by state security staff. Much education, awareness, and ongoing communication will be required to ensure state government employees are fully aware of the risks of external cloud services. The imperative for states is to stay connected and maintain the dialogue, sharing intentions and solutions, as state government moves forward with adoption of cloud services. Cloud is not the only solution or avenue for sharing resources. When it is the right solution, it must be employed with proper attention to the security aspects of cloud services, particularly with external cloud services.
Cloud computing will continue to be an invaluable resource for state and local governments in their efforts to rationalize and optimize computing resources. Cloud computing should be seen as an IT innovation that can support rationalization and optimization of business services as well as IT services. Due diligence prescribes the necessity of exploring and evaluating jurisdictional issues in order to ensure long term sustainability and growing adoption of collaborative government operations in state and local government.