State Cybersecurity Governance Case Studies

In recognition of the importance of governance in addressing cyber risks, the U.S. Department of Homeland Security (DHS) partnered with the National Association of State Chief Information Officers (NASCIO) to develop a report and series of case studies exploring how states govern cybersecurity. The report and case studies explore how Georgia, Michigan, New Jersey, Virginia and Washington use cross-enterprise governance mechanisms (i.e., laws, policies, structures, and processes) across strategy and planning, budget and acquisition, risk identification and mitigation, incident response, information sharing, and workforce and education. The purpose of the report and case studies is to offer concepts and approaches to other states and organizations who face similar challenges. The report summarizes the case studies and identifies common trends in how cybersecurity governance is addressed across the five states, with supporting examples from each state.