1 / 22

The State of Cybersecurity in State Government NAST March 26, 2019

The State of Cybersecurity in State Government NAST March 26, 2019. Speakers. Doug Robinson. Meredith Ward. About NASCIO. National association representing state chief information officers and information technology executives from the states, territories and D.C.

quade
Download Presentation

The State of Cybersecurity in State Government NAST March 26, 2019

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The State of Cybersecurity in State GovernmentNASTMarch 26, 2019

  2. Speakers Doug Robinson Meredith Ward

  3. About NASCIO • National association representing state chief information officers and information technology executives from the states, territories and D.C. • NASCIO's mission is to foster government excellence through quality business practices, information management, and technology policy. • NASCIO provides members with products and services designed to support the challenging role of the state CIO, stimulate the exchange of information, and promote the adoption of IT best practices and innovations.

  4. STATE CIO TOP 10 PRIORITIES 2019 Strategies, Management & Process Solutions 1. Security and Risk Management 2. Cloud Services 3. Consolidation/Optimization 4. Digital Government 5. Broadband/Wireless Connectivity 6. Budget, Cost Control, Fiscal Management 7. Customer Relationship Management 8. Data Management and Analytics 9. Enterprise IT Governance 10. Identity and Access Management Source: NASCIO State CIO Ballot, November 2018

  5. Cybersecurity Risks in the States

  6. Cyber Disruption: Impacting State Services “State governments and the critical infrastructure within the state are at risk from a cybersecurity attack that could disrupt the normal operations of government and impact citizens. “ Source: NASCIO. This project was supported by Grant No. 2010-DJ-BX-K046 awarded by the Bureau of Justice Assistance.

  7. And People…

  8. What Do States Care About? Reputational/Political Risk • Elected Officials • Agency Directors • Program Managers Financial Risk • Lost Revenue • Fraud and Theft • Breach Costs State Business Risk • Life, Health and Safety • Delivering Services to Citizens • Delivering Services to Employees Privacy & Confidentiality Risk • Personal Information – Identify Theft • Confidential Information

  9. Cybersecurity involves more than just IT – it’s a team sport Protecting critical infrastructure and data is a core responsibility of the state and an investment in risk management

  10. Source: 2018 Deloitte-NASCIO Cybersecurity Study

  11. Source: 2018 Deloitte-NASCIO Cybersecurity Study

  12. Cybersecurity Maturity in the States is Improving… Risk based strategies are being adopted Expanded focus from operational to strategic Expect continued progress in 2019 Source: NASCIO 2018 State CIO Survey

  13. however persistent challenges remainBudget, talent, and threats top three since 2010 2010 2012 2014 2016 2018 1 2 3 3 2 Survey question: Identify the top barriers that your state faces in addressing cybersecurity challenges. Source: 2018 Deloitte-NASCIO Cybersecurity Study

  14. Budget ChallengeMost states only spend 0-3% of their IT budget on cybersecurity Survey question: What percent of your state’s enterprise IT budget is allocated to enterprise cybersecurity? (all executive branch agencies)

  15. Three Bold Plays for Change

  16. Evolving Business Model: CIO as Broker Source: 2018 NASCIO SURVEY | State CIO as a Communicator

  17. Source: NASCIO 2018 State CIO Survey

  18. Source: NASCIO 2018 State CIO Survey

  19. Looking Forward…Action Needed

  20. NASCIO’s Cybersecurity Call to ActionKey Questions for State Leaders • Does your state government support a “culture of information security” with a governance structure of state leadership and all key stakeholders? • Has your state conducted a risk assessment? Is data classified by risk? Are security metrics available? • Has your state implemented an enterprise cybersecurity framework that includes policies, control objectives, practices, standards, and compliance? Is the NIST Cybersecurity Framework a foundation? • Has your state invested in enterprise solutions that provide continuous cyber threat detection, mitigation and vulnerability management? Has the state deployed advanced cyber threat analytics? • Have state employees and contractors been trained for their roles and responsibilities in protecting the state’s assets? • Does your state have a cyber disruption response plan? A crisis communication plan focused on cybersecurity incidents?

  21. Contact Information Meredith Wardmward@nascio.org Doug Robinsondrobinson@nascio.org

More Related