The State CIO Operating Model: A Playbook for Managing Change in a Sustainable Way

This is the fourth in our NASCIO series “The CIO Operating System:  Managing Change in a Sustainable Way.”  It is also the culmination of the work from NASCIO’s project team and a partnership with Integris Applied, Inc., a corporate member of NASCIO, that began in January of 2018.  This is a playbook of eleven plays that any state or territory can utilize in order to move into a new operating model.  This operating model creates a highly disciplined state CIO organization that proactively engages with state agencies, understands current and emerging program and citizen needs, as well as maintains market awareness of current and emerging trends and offerings.  Moving into and maturing this model is essential for each state and territory to effectively map capability demand with capability supply.

This report looks to the past in that it is the highlight and culmination of the first year of this special project, synthesizing all the previous work which includes three reports, a recorded webinar, a survey of state CIOs.    It looks to the future in that the plays will be further developed with necessary guidance on how to effectively execute these eleven plays.  The next big push in this project will be the development of the “DevOps” for the new multisourcing operating model.  This playbook then becomes the launching point for the future.  In many ways this report and the project that produced it is an inflexion point coincident with NASCIO’s 50th anniversary.  Much has been accomplished within the NASCIO community in the past 50 years.  And we celebrate all of that.  Then we look to the future and consider “what is possible?”  This playbook is the first step into that future.  So fasten your seat belts, and get ready for the next major phase.  Its going to be a wonderful ride!

Shrinking State Data Centers: A Playbook for Enterprise Data Center Consolidation

This is an update since NASCIO’s last publication on data center consolidation in 2007. This version is a playbook of 10 plays for states who have yet to consolidate their data centers using lessons learned and advice from the trenches from states who have completed enterprise consolidation.



NASCIO and NASPO Topical Roundtable

In continuing their shared interests in working together to improve IT procurement, NASPO and NASCIO have developed an action plan for navigating the ever-changing terrain shaping state procurement efforts and information technology updates. The action plan addresses several key areas of state government common to both specialties, including governance and organizational structure; teaming and roles; interactions and processes; and budgeting and forecasting.





State Cybersecurity Resource Guide

The National Association of State Chief Information Officers (NASCIO) supports National Cybersecurity
Awareness Month, now in its 13th year. State CIOs and the programs they administer have supported
cybersecurity awareness month from its inception, and states address IT security and privacy awareness,
education, and training on a year-round basis.

For the 2016 observance, NASCIO has updated its Resource Guide for State Cybersecurity Awareness, Education, and Training Initiatives. This guide includes:

  • Updated information on state awareness programs, initiatives and best-practice information;
  • Contact information for state chief information security officers (CISOs);
  • Hyperlinks to state security and security awareness pages; and
  • Information describing cybersecurity awareness, training, and education initiatives.

The Resource Guide is a working document that should prove a valuable resource for Cybersecurity Awareness Month, as well as the ongoing planning of security awareness and training efforts state programs may undertake thereafter.



Cyber Disruption Response Planning Guide


State government must now view cyber attacks that are more than cyber incidents.  We must prepare for larger magnitude events.  These can be termed cyber disruptions, disasters or even catastrophes.  This publication includes the following:

  • A call to action for states to develop state cyber disruption response plans that include: a governance structure that clearly designates who is in charge in a given event or phase of an event; development of a risk profile for state assets; collaboration among the various agencies that have cyber responsibility; and a communication plan to ensure the right people have the right information as early as possible so they can response effectively.
  • A checklist for states to work with in developing progress toward a cyber disruption response operating discipline.
  • A cross functional process description that can be used as a starting point for states to develop their own unique cross functional process for orchestrated planning and response at various threat levels.



Recommendations for Improved State IT Procurement

The state information technology (IT) community has long called for improvements in IT procurement processes and practices and state chief information officers (CIOs) are consistently dissatisfied with the state IT procurement process. In the 2015 state CIO survey, The Value Equation, roughly one half (47%) of state CIOs expressed negative outlooks on IT procurement processes.Because of this consistent level of dissatisfaction, NASCIO is advocating for procurement reform by issuing a call to action to states.


2015 CISO Toolkit

Moving Forward: Leadership Toolkit for State CISOs includes state CISO critical leadership traits, how state CISOs and private sector CISOs differ and the tenure of state CISOs. This publication examines survey responses, gives “advice from the trenches” and details other critical success factors for state CISOs.



NASCIO 2015 Cybersecurity Awareness Resource Guide

For the 2015 observance of National Cyber Security Awareness Month, NASCIO has updated its Resource Guide for State Cybersecurity Awareness, Education, and Training Initiatives. The guide includes new information from our state members, who provided examples of state awareness programs and initiatives. This is an additional resource of best-practice information, together with an interactive state map to allow users to drilldown to the actual resources that states have developed or are using to promote cyber awareness. It includes contact information for the CISO, hyperlinks to state security and security awareness pages, and information describing cybersecurity awareness, training, and education initiatives.

The Resource Guide is a work-in-progress that should provide a valuable reference resource for Cyber Security Awareness Month, as well as the ongoing planning of security awareness and training efforts state programs may undertake thereafter.



Building Successful Relationships: State CIO Advice for IT Partners

Given today’s fiscal environment, states are turning to their IT partners to provide cost-effective delivery of citizen services. This brief focuses on the best strategies for IT partners to engage with state CIOs while building successful business relationships.


Funding: The Drive Wheel for Cross-Jurisdictional Collaboration

In many cases, funding a specific initiative can entail more than one funding source working together as a basket of funding streams to provide both initial seed funding and ongoing sustained funding. Seeking funding is necessary, coupled with the vision, goals and objectives of a collaborative. When evaluating grants, loans and direct payments, the intent of the funding stream must match the intent of the collaborative initiative. In considering the full portfolio of funding models, the funding options pursued must be appropriately matched to a long term sustainment strategy for the collaborative. Further, evaluating funding approaches essentially involves clear understanding of the total cost of ownership that includes transactional cost economics (TCE). Securing funding starts with an understanding the full costing.