State CIO Top Ten Policy and Technology Priorities for 2010

Each year NASCIO conducts a survey of the state CIOs to identify and prioritize the top policy and technology issues facing state government. The CIOs’ top ten priorities are identified and used as input to NASCIO’s programs, planning for conference sessions, and publications.


Resource Guide for State Cyber Security Awareness, Education, and Training Initiatives

For the observance of the sixth annual National Cyber Security Awareness Month, NASCIO has created a Resource Guide of examples of state awareness programs and initiatives. The compendium augments previously gathered information with data from a just-completed, short survey of state CISOs. It includes links to state security awareness pages, contact information for state CISOs, and information describing cyber security awareness, training, and education initiatives that target four categories: Executives/Elected Officials; Citizens; State Workers; and IT Security Personnel.

The Resource Guide is a work-in-progress that should provide a valuable reference resource for Cyber Security Awareness Month, as well as the ongoing planning of security awareness and training efforts state programs may undertake thereafter.

 


Security at the Edge — Protecting Mobile Computing Devices

The business of government is increasingly conducted or supported by mobile computing devices as states adopt these tools to untether traditional office workers from their desks or employ them for a wide variety of purposes in the field. Use of mobile devices is so widespread that it is difficult to imagine how state governments can operate without them, given their increased computing power and the ease with which they may be integrated with state networks and databases via the Internet. At the same time, however, mobile devices are unusually vulnerable to loss, theft, misuse, or misconfiguration, which can and does lead to the loss of sensitive data. Security at the Edge highlights the risks associated with uncontrolled use of mobile devices, and targets the standards and procedural controls that allow state CIOs to better secure them.

 


Desperately Seeking Security Frameworks – A Roadmap for State CIOs

State CIOs, chief security officers, and the IT security professionals who work with them face a challenging and sometimes confusing array of security frameworks – these may be pushed down by Federal agencies, issued by national or international standards bodies, promoted by industry as best practice, or in some instances, be written into law or federal regulation. Desperately Seeking Security Frameworks provides an overview of the primary security standards, regulations, and laws that impact state IT security programs, highlights how states have used the frameworks to shape their security architectures, policies, standards, and controls, and identifies the key issues for CIOs as they establish and maintain IT security programs.

 


State CIO Top Ten Policy and Technology Priorities for 2009

Each year NASCIO conducts a survey of the state CIOs to identify and prioritize the top policy and technology issues facing state government. The CIOs’ top ten priorities are identified and used as input to NASCIO’s programs, planning for conference sessions, and publications.


State CIO Top Ten Policy and Technology Priorities for 2008

Each year NASCIO conducts a survey of the state CIOs to identify and prioritize the top policy and technology issues facing state government. The CIOs’ top ten priorities are identified and used as input to NASCIO’s programs, planning for conference sessions, and publications.


IT Security Awareness and Training: Changing the Culture of State Government

Most state government employees use technology to do their daily work, yet they may not realize the dramatic consequences that can flow from one mistake. As data breaches and security incidents that originate from within state government appear to be on the rise, cultural change is needed. All state employees need to understand that IT security is everyone’s job and understand how to use the state’s IT resources in a way that does not create the risk of a security incident. NASCIO’s Research Brief, “IT Security Awareness and Training: Changing the Culture of State Government”, highlights awareness and training activities that State CIOs can implement to avoid internal threats that can lead to a full-on state government crisis. To assist CIOs in pursuing these efforts, this brief includes many examples of awareness and training activities that are currently taking place with the states. This brief is a product of NASCIO’s Information Security and Privacy Committee.

 


Insider Security Threats: State CIOs Take Action Now!

This brief examines the often overlooked threats from within. Media attention has focused primarily on external threats with federal government and industry reports revealing alarming hacking and identity theft statistics. However, threats from within both public and private sector organizations may be even more prevalent than external threats and can have equally if not more serious consequences.

This brief discusses five significant insider threats and provides insight on ways to prevent, detect and respond to them. The threats are as follows:

  • Malicious Employees
  • Inattentive, Complacent or Untrained Employees
  • Contractors and Outsourced Services
  • Insufficient IT Security Compliance, Oversight, Authority and Training
  • Pervasive Computing-Technology is Everywhere and Data is on the Move

A Current View of the State CISO: A National Survey Assessment

These aggregate survey results reflect a snapshot of the state CISO role as of summer 2006. The survey results indicate that the state CISO position has become highly prevalent and is evolving into a state IT security policy and strategy leader. The survey was conducted during the preparation of NASCIO’s July 2006 Research Brief entitled Born of Necessity: The CISO Evolution-Bringing the Technical and the Policy Together.

 


Born of Necessity: The CISO Evolution–Bringing the Technical and the Policy Together

This brief examines the role of the state Chief Information Security Officer (CISO) as it has evolved in response to the growing complexities of the IT threat environment, homeland security concerns, and the increasing demands for enhanced citizen services. Specific points this brief addresses include critical success factors for state CISOs, the importance of a CISO’s relationship-building across the state and among levels of government, and a few predictions on the future evolution of the state CISO.

 
