2014 Deloitte-NASCIO Cybersecurity Study – State Governments at Risk: Time to Move Forward

This study reports findings and analysis of a comprehensive survey of State Chief Information Security Officers (CISOs) conducted by NASCIO in partnership with Deloitte. The results of the 2014 Deloitte-NASCIO Cybersecurity Study confirm the growing importance of cybersecurity for states. The following key themes emerged from our analysis:

Maturing role of the CISO: The state CISO role continues to gain legitimacy in authority and reporting relationships. The responsibilities of the position are expanding, yet becoming more consistent across states.

Continuing budget-strategy disconnect: The improving economy and states’ growing commitment to cybersecurity have led to an increase, albeit small, in budgets. CISOs have also been successful at tapping supplemental resources, whether from other state agencies, federal funding, or various agency and business leaders. Nevertheless, budgets are still not sufficient to fully implement effective cybersecurity programs; this continues to be the top barrier for CISOs according to the survey results.

Cyber complexity challenge: State information systems house a wide range of sensitive citizen data, making them especially attractive targets for cyber-attacks. CISOs are concerned about the intensity, volume and complexity of cyber threats that run the gamut from malicious code to zero-day attacks.

Talent crisis: The skill sets needed for effective cybersecurity protection and monitoring are in heavy demand across all sectors. State CISOs are struggling to recruit and retain people with the right skills, and they will need to establish career growth paths and find creative ways to build their cybersecurity teams.


State CIO Top Ten Policy and Technology Priorities for 2015

Each year NASCIO conducts a survey of the state CIOs to identify and prioritize the top policy and technology issues facing state government. The CIOs’ top ten priorities are identified and used as input to NASCIO’s programs, planning for conference sessions, and publications.


Priority Strategies, Management Processes and Solutions

Top 10 Final Ranking

  1. Security: risk assessment, governance, budget and resource requirements, security frameworks, data protection, training and awareness, insider threats, third party security practices as outsourcing increases, determining what constitutes “due care” or “reasonable”
  2. Cloud Services: cloud strategy, proper selection of service and deployment models, scalable and elastic IT-enabled capabilities provided “as a service” using internet technologies, governance, service management, service catalogs, platform, infrastructure, security, privacy, data ownership
  3. Consolidation/Optimization: centralizing, consolidating services, operations, resources, infrastructure, data centers, communications and marketing “enterprise” thinking, identifying and dealing with barriers
  4. Broadband/Wireless Connectivity: strengthening statewide connectivity; implementing broadband technology opportunities
  5. Budget and Cost Control: managing budget reduction; strategies for savings; reducing or avoiding costs; dealing with inadequate funding and budget constraints
  6. Human Resources/Talent Management: human capital/IT workforce; workforce reduction; attracting, developing and retaining IT personnel; retirement wave planning; succession planning; support/training, portal for workforce data and trends
  7. Strategic IT Planning: vision and roadmap for IT, recognition by administration that IT is a strategic capability, integrating and influencing strategic planning and visioning with consideration of future IT innovations, aligning with Governor’s policy agenda
  8. Mobile Services/Mobility/Enterprise Mobility Management: devices, applications, workforce, security, policy issues, support, ownership, communications, wireless infrastructure, BYOD
  9. Disaster Recovery/Business Continuity: improving disaster recovery, business continuity planning and readiness, pandemic/epidemic and IT impact, testing
  10. Customer Relationship Management: building customer agency confidence and collaboration, internal customer service strategies, service level agreements (demand planning)

NASCIO 2014 Cybersecurity Awareness Resource Guide

For the 2014 observance of National Cyber Security Awareness Month, NASCIO has updated its Resource Guide for State Cybersecurity Awareness, Education, and Training Initiatives. The guide includes new information from our state members, who provided examples of state awareness programs and initiatives. This is an additional resource of best-practice information, together with an interactive state map that lets users drill down to the actual resources that states have developed or are using to promote cyber awareness. It includes contact information for the CISO, hyperlinks to state security and security awareness pages, and information describing cybersecurity awareness, training, and education initiatives.

The Resource Guide is a modifiable work that should provide a valuable reference resource for Cyber Security Awareness Month, as well as the ongoing planning of security awareness and training efforts state programs may undertake thereafter.

 


The 2014 State CIO Survey: Charting the Course

NASCIO, TechAmerica, and Grant Thornton LLP have collaborated for a fifth consecutive year to survey state government IT leaders on current issues, trends and perspectives. The continuing economic situation creates problems for states when citizen demands for services continue or grow. The survey sponsors seek to provide these state government IT leaders with an opportunity to voice their thoughts and opinions on matters of high importance. Governors, legislatures and business leaders can benefit from these knowledgeable insights about essential state IT services. As major changes continue to sweep through the state IT landscape, we asked state CIOs to share their perspective on the status and future direction of the state CIO organization and the overall enterprise. While the survey covered a wide variety of topics, we asked CIOs to focus particularly on three main topics – the planning and oversight of critical projects, sourcing and the use of data as a strategic asset. These topics share a common theme in that they all require the CIO to establish priorities, collaborate with stakeholders and integrate with multiple external organizations.


The States and FirstNet: An Early Look from the State CIOs

As states begin to plan for FirstNet, a nationwide high-speed wireless broadband network dedicated to public safety, they are developing divergent approaches to planning and varied strategies for engaging with local and federal partners. This research report is based on the results of a survey of State CIOs. It provides a first look at the approaches being employed for engagement with local stakeholders, the federal FirstNet Authority, and even other states. The data also shows a significant distribution in the maturity of state planning, ongoing outreach, and governance strategies.


States and Open Data: From Museum to Marketplace – What’s Next

NASCIO takes a look at what has occurred across the states since NASCIO’s first report on open data published in 2009. This latest report examines progress in open data across state and local government. Open data initiatives are advancing at all levels of government in the United States and globally. States and local governments have partnered with industry to create innovative capabilities in delivering data to consumers. Those consumers include citizens, businesses, non-profit organizations and government. The report also presents recommendations for continuing to advance state government open data initiatives and for beginning to move to the next level of maturity.


Capitals in the Clouds Part VI: Cloud Procurement: From Solicitation to Signing

As first reported in the NASCIO/TechAmerica/Grant Thornton 2013 State CIO Survey, The Enterprise Imperative: Leading Through Governance, Portfolio Management, and Collaboration, states continue to turn to cloud solutions, with services such as email and storage remaining the most popular. 74% of respondents said that their state has some applications in the cloud. For several years now, NASCIO has discussed the transition in the state information technology environment as state CIOs sought new approaches to traditional delivery models. The recession prompted state leaders to examine new approaches and leverage technology opportunities. The use of cloud services by state government is the most obvious manifestation of this transition. In 2011, NASCIO launched its Capitals in the Clouds series on this topic. Three years later, states continue to investigate and to leverage cloud solutions, software as a service (SaaS) and infrastructure as a service, with services such as email and data storage remaining the most popular.


Sharing Costs in Cross Jurisdictional Collaboratives

State Chief Information Officers have made the case for forming cross jurisdictional collaboratives when addressing state government services. State CIOs have come to understand the opportunities and the value proposition in forming collaborative arrangements. Cost sharing is foundational to any collaborative and is often the primary reason for the initial formation of a collaborative. This report proposes a list of essential design elements for cost sharing and provides some examples of successful collaboratives.


Rethinking the Dynamics of the RFP Process for Improved IT Procurement

The RFP process is multifaceted with a broad set of stakeholders including state CIOs, agency heads, state procurement officials, state procurement attorneys, private sector vendors, and many others. Taking this information into consideration, NASCIO has continually sought ways to encourage collaboration between CIOs, chief procurement officials and private IT sector vendors. As such, NASCIO identified the RFP process as one to which special attention must be paid.


Destination: Advancing Enterprise Portfolio Management – First Stop: Issues Management

State CIOs are managing a growing and diverse set of investments, services and collaborative arrangements. Enterprise portfolio management (EPM) is a discipline that provides the tools and best practices necessary for doing this proactively and successfully. EPM provides a view into the enterprise – not only projects, but also services, operations, programs and resources. EPM essentially turns enterprise architecture into action. EPM involves many portfolios. The first portfolio that drives the others is the portfolio of issues that identifies, scores and prioritizes the very issues we’re trying to solve through projects, programs, management initiatives and operations.
