Advanced Cyber Analytics

This report examines the subject of advanced cyber analytics. It makes the case for states to invest in such capabilities and maintain ongoing maturity in advanced analytics. All organizations, including state government, must also develop and maintain response capabilities that continuously mature in sophistication in order to keep pace with an ever-changing threat landscape. State government remains in a defensive position. With the advent of multi-vector strategies by cyber criminals, state government now more than ever needs the ability to correlate disparate data sources generated from the myriad of security tools agencies have already invested in. Examples of advanced analytics tools are provided. The report includes a call to action list, a checklist, key questions, and recommendations.

Cyber Disruption Response Planning Guide

State government must now view cyber attacks as more than cyber incidents. We must prepare for larger magnitude events. These can be termed cyber disruptions, disasters or even catastrophes. This publication includes the following:

  • A call to action for states to develop state cyber disruption response plans that include: a governance structure that clearly designates who is in charge in a given event or phase of an event; development of a risk profile for state assets; collaboration among the various agencies that have cyber responsibility; and a communication plan to ensure the right people have the right information as early as possible so they can respond effectively.
  • A checklist for states to work with in developing progress toward a cyber disruption response operating discipline.
  • A cross-functional process description that can be used as a starting point for states to develop their own unique cross-functional process for orchestrated planning and response at various threat levels.

State CIO Top Ten Policy and Technology Priorities for 2016

Each year NASCIO conducts a survey of the state CIOs to identify and prioritize the top policy and technology issues facing state government. The CIOs' top ten priorities are identified and used as input to NASCIO’s programs, planning for conference sessions, and publications.

The 2015 State CIO Survey: The Value Equation

NASCIO, Grant Thornton LLP and CompTIA have collaborated for a sixth consecutive year to survey state government IT leaders on current issues, trends and perspectives. The survey sponsors seek to provide these state government IT leaders with an opportunity to voice their thoughts and opinions on matters of high importance. Governors, legislatures and business leaders can benefit from these knowledgeable insights about essential state IT services. As highlighted in the survey results, the state IT and business landscape continues to change, reflecting both emerging approaches to delivering IT products and services, and also the faster-paced, more complex environment faced by state CIOs. We asked state CIOs to share their perspective on a number of topics, with a particular focus on the emerging role of the CIO as a broker of shared services, and on the use of incremental software development approaches to accelerate the delivery of value to customers. These topics share a common theme – customer expectations continue to rise, and state CIOs must be agile enough to adapt to changing circumstances and to rapidly deliver business value. State CIOs also shared their thoughts on the leadership attributes they perceive as most valuable for a state CIO, and which dimensions of the role were most critical for success. Cybersecurity, cloud services, mobility, broadband and IT procurement represent other high priority topics covered in the survey report.

2015 CISO Toolkit

Moving Forward: Leadership Toolkit for State CISOs includes state CISO critical leadership traits, how state CISOs and private-sector CISOs differ and the tenure of state CISOs. This publication examines survey responses, gives “advice from the trenches” and details other critical success factors for state CISOs.

NASCIO 2015 Cybersecurity Awareness Resource Guide

For the 2015 observance of National Cyber Security Awareness Month, NASCIO has updated its Resource Guide for State Cybersecurity Awareness, Education, and Training Initiatives. The guide includes new information from our state members, who provided examples of state awareness programs and initiatives. This is an additional resource of best-practice information, together with an interactive state map to allow users to drill down to the actual resources that states have developed or are using to promote cyber awareness. It includes contact information for the CISO, hyperlinks to state security and security awareness pages, and information describing cybersecurity awareness, training, and education initiatives.

The Resource Guide is a work in progress that should provide a valuable reference resource for Cyber Security Awareness Month, as well as the ongoing planning of security awareness and training efforts state programs may undertake thereafter.

Unmanned Aerial Systems, Governance and State CIOs: On the Radar

State governments are turning to unmanned aerial systems (UAS) for a variety of applications. This brief lays out important public policy issues when it comes to state CIO governance of UAS.

State CIO Top Ten Policy and Technology Priorities for 2015

Each year NASCIO conducts a survey of the state CIOs to identify and prioritize the top policy and technology issues facing state government. The CIOs' top ten priorities are identified and used as input to NASCIO’s programs, planning for conference sessions, and publications.

Priority Strategies, Management Processes and Solutions

Top 10 Final Ranking

  1. Security: risk assessment, governance, budget and resource requirements, security frameworks, data protection, training and awareness, insider threats, third party security practices as outsourcing increases, determining what constitutes “due care” or “reasonable”
  2. Cloud Services: cloud strategy, proper selection of service and deployment models, scalable and elastic IT-enabled capabilities provided “as a service” using internet technologies, governance, service management, service catalogs, platform, infrastructure, security, privacy, data ownership
  3. Consolidation/Optimization: centralizing, consolidating services, operations, resources, infrastructure, data centers, communications and marketing “enterprise” thinking, identifying and dealing with barriers
  4. Broadband/Wireless Connectivity: strengthening statewide connectivity; implementing broadband technology opportunities
  5. Budget and Cost Control: managing budget reduction; strategies for savings; reducing or avoiding costs; dealing with inadequate funding and budget constraints
  6. Human Resources/Talent Management: human capital/IT workforce; workforce reduction; attracting, developing and retaining IT personnel; retirement wave planning; succession planning; support/training, portal for workforce data and trends
  7. Strategic IT Planning: vision and roadmap for IT, recognition by administration that IT is a strategic capability, integrating and influencing strategic planning and visioning with consideration of future IT innovations, aligning with Governor’s policy agenda
  8. Mobile Services/Mobility/Enterprise Mobility Management: devices, applications, workforce, security, policy issues, support, ownership, communications, wireless infrastructure, BYOD
  9. Disaster Recovery/Business Continuity: improving disaster recovery, business continuity planning and readiness, pandemic/epidemic and IT impact, testing
  10. Customer Relationship Management: building customer agency confidence and collaboration, internal customer service strategies, service level agreements (demand planning)

2014 Deloitte-NASCIO Cybersecurity Study – State Governments at Risk: Time to Move Forward

This study reports findings and analysis of a comprehensive survey of State Chief Information Security Officers (CISOs) conducted by NASCIO in partnership with Deloitte. The results of the 2014 Deloitte-NASCIO Cybersecurity Study confirm the growing importance of cybersecurity for states. The following key themes emerged from our analysis:

Maturing role of the CISO: State CISO role continues to gain legitimacy in authority and reporting relationships. The responsibilities of the position are becoming more consistent across states, yet expanding.

Continuing budget-strategy disconnect: The improving economy and states’ growing commitment to cybersecurity have led to an increase, albeit small, in budgets. CISOs have also been successful at tapping supplemental resources, whether from other state agencies, federal funding, or various agency and business leaders. Nevertheless, budgets are still not sufficient to fully implement effective cybersecurity programs; according to the survey results, this continues to be the top barrier for CISOs.

Cyber complexity challenge: State information systems house a wide range of sensitive citizen data, making them especially attractive targets for cyber-attacks. CISOs are concerned about the intensity, volume and complexity of cyber threats that run the gamut from malicious code to zero-day attacks.

Talent crisis: The skill sets needed for effective cybersecurity protection and monitoring are in heavy demand across all sectors. State CISOs are struggling to recruit and retain people with the right skills, and they will need to establish career growth paths and find creative ways to build their cybersecurity teams.
