1 Cybersecurity in the States 2012: Priorities, Issues and Trends Commission on Maryland Cyber Security and Innovation June 8, 2012 Pam Walker, Director of Government Affairs National Association of State Chief Information Officers
2 About NASCIO National association representing state chief information officers and information technology executives from the states, territories and D.C. NASCIO's mission is to foster government excellence through quality business practices, information management, and technology policy. Founded in 1969: we're a legacy system
3 More Administrative Flexibility Needed for States Secure and Protect Citizen Data and State Digital Assets Support the Adoption and Expansion of the National Information Exchange Model (NIEM) Support State Role in Identity Management and Verification Solutions NASCIO 2012 Federal Advocacy Priorities
4 Fiscal recovery uneven, slow revenue growth, budgets are better, federal deficit reduction impact? CIOs seeking IT operational cost savings and alternative IT sourcing strategies Opportunities for change and innovation Living with the past - modernizing the legacy IT security and risk! Game has changed IT workforce: retirement wave, skills, recruiting State CIO positions major churn State IT Landscape Today
5 CIO Priorities, Trends and Perspectives
6 State CIO Priorities for
1. Consolidation / Optimization: consolidating infrastructure and services, centralizing
2. Budget and Cost Control: managing budget reduction, strategies for savings
3. Governance: improving IT governance, authority, data governance, partnering, collaboration
4. Health Care: Affordable Care Act, health information and insurance exchanges, architecture, partnering, implementation, technology solutions, Medicaid systems
5. Cloud Computing: governance, service management, service catalogs, platform, infrastructure, security, privacy, data ownership, legal issues, vendor management
6. Security: risk assessment, governance, budget and resource requirements; security frameworks, data protection, training and awareness, insider threats, third party security
7. Broadband and Connectivity: strengthening statewide connectivity, public safety wireless network/interoperability, implementing BTOP grant
8. Shared Services: business models, sharing resources, services, infrastructure, independent of organizational structure, service portfolio management
9. Portal: maturing state portal, e-government, single view of the customer/citizen, emphasis on citizen interactive self-service, mobile apps, accessibility
10. Mobile Services/Mobility: devices, applications, workforce, security, policy issues, support, ownership, communications, wireless infrastructure
Source: NASCIO State CIO Survey, October 2011
7 Cybersecurity in the States Critical infrastructure protection More aggressive threats: organized crime, unorganized crime, hacktivism Spam, phishing, hacking, and network probes up Data breaches: trust impact Insider threats, third party Executive support Inadequate funding Need more training, awareness
8 State governments at risk A call to secure citizen data and inspire public trust
9 Survey Results Deloitte and NASCIO issued the 2010 report of a national survey of state government cybersecurity focused on these key areas: information security governance, investments, use of security technologies, quality of operations, privacy, and identity and access management. 49 states responded to the survey
10 Governance The Enterprise CISO position is firmly established in the majority of states. To be successful, CISOs must continue to evolve this position to garner enterprise visibility, authority, executive support and business involvement.
11 1. To whom does your State's CISO, or equivalent responsible for information security, report? Secretary/Department head 8% General Counsel/Legal 0% Chief Information Officer (CIO), State IT Director or 76% Chief Financial Officer (CFO) 0% Chief Security Officer (CSO) 4% Homeland Security Director/Adviser 0% Internal Audit 0% Other 16% Not applicable/do not know 4% 76 percent of the respondents indicated that their State CISOs report directly to the Board of Directors or C-suite, with the largest number reporting to the Chief Information Officer (CIO).
12 2. Which functions are within the scope of the CISO or equivalent official? Information Security (IS) strategy and planning IS budgeting IS program measurement and reporting IS governance (architecture, policies, standards) IS compliance and monitoring IS risk assessment and management Incident management Network security and perimeter defense Technical infrastructure security User administration Identity and access management Vulnerability management IS monitoring IS communications, awareness and training Outsourced security functions Background checks Investigations and forensics Fraud management Disaster recovery planning Business continuity management Physical security Other Not applicable/do not know 10% 31% 29% 10% 4% 33% 24% 22% 14% 4% 43% 45% 49% 49% 57% 61% 67% 76% 82% 88% 92% 96% 94% The top five functions of the CISO include: Information Security (IS) Strategy and Planning (96 percent), Incident Management (94 percent), IS Governance (92 percent), IS Communication (88 percent) and IS Risk Assessment (82 percent).
13 1. Does your State (or agency) have a documented and approved governance for information security (i.e. defined responsibilities, policies and procedures)? Documented and approved 65% Documented but not approved 6% Intend to have one documented and approved within the next 12 months No 10% 12% Not applicable/do not know (please describe below) 6% 65 percent of the respondents indicated that they have a documented and approved governance for information security.
14 6. Does your State (or agency) actively engage both business stakeholders and technology decision makers in identifying requirements for the State's information security strategy? Lines of business decision makers only 2% Technology decision makers only 21% Both lines of business and technology decision makers 71% Neither lines of business nor technology decision makers 4% Not applicable/do not know (please describe below) 2% 71 percent of the respondents indicated that they engage both lines of business and technology decision makers to identify the State's information security strategy.
15 3. Which of the following best describes the state of senior executive support (Governor's Office or CIO) for security projects to effectively address regulatory or legal requirements? Commitment and adequate funding 14% Commitment but inadequate funding 55% No commitment but provide funds 4% No commitment or funds Not applicable/do not know 12% 14% 55 percent of the respondents indicated that they receive commitment from the senior executives but lack adequate funding for security projects to effectively address regulatory or legal requirements.
16 2. Which statement best represents how you measure and demonstrate the value and effectiveness of your information security organization's activities? We have established metrics that have been aligned to business value and report on a scheduled basis 13% We are working on establishing metrics and aligning them to business value 25% We have established metrics that are technical but not well understood by functions outside of information security 31% Little, if any, measurement is undertaken 23% We do not measure 4% Not applicable/do not know 4% 31 percent of the respondents indicated that they measure and demonstrate their value of information security enterprise activities by using technical metrics that are not well understood by non-information security functions.
17 3. How effective are applicable Federal and State regulatory security requirements at improving information security posture and at reducing data breach risks in your State (or agency)? Very effective 4% Somewhat effective 81% Not effective 13% Not applicable/do not know 2% 81 percent of the respondents indicated that the Federal and State regulatory security requirements are somewhat effective in improving the state's information security posture.
18 1. What are your State's top five (5) security initiatives for 2010? Information security strategy Information security governance (e.g., roles, reporting 27% 29% Aligning information security initiatives with those of the 21% Information security risk assessments Data protection 58% 60% Operationalizing information security 15% Information security measurement and reporting 42% Information security talent management 4% Information security training and awareness 54% Information security regulatory and legislative 21% Security infrastructure improvement 33% Application security 42% Identity and access management Security related to technology advancements (e.g., 19% 19% Information security compliance (e.g., internal / external 29% Managing insider threats 4% Managing or outsourcing of security services Disaster recovery Business continuity Other (please specify below) 10% 8% 6% 4% Not applicable/do not know (please describe below) 0% The respondents indicated that their 2010 top five security initiatives include data protection (60 percent), information security risk assessments (58 percent), information security training and awareness (54 percent), application security (42 percent) and information security measurement and reporting (42 percent).
19 What are your State's top five IT security initiatives? 1. Data Protection 2. Information Security Risk Assessments 3. Information Security Training and Awareness 4. Application Security 5. Information Security Measurement and Reporting
20 2. What major barriers does your State face in addressing information security? Lack of management support 10% Lack of executive support 25% Lack of support from business stakeholders 38% Lack of clarity on mandate, roles and responsibilities 25% Conflicting federal rules and requirements 6% Lack of sufficient funding 88% Lack of procurement oversight and control 19% Lack of visibility and influence within the enterprise 38% Lack of an information security strategy (i.e., shifting Inadequate availability of security professionals Inadequate competency of security professionals Lack of State sector focused laws and regulations Lack of documented processes Lack of legislative support Increasing sophistication of threats Emerging technologies Inadequate functionality and/or interoperability of 15% 13% 10% 17% 23% 21% 23% 40% 56% Other 15% Not applicable/do not know 0%
21 5. What percentage of your department's overall IT budget is allocated to information security? 0% 11% 1-3% 50% 4-6% 15% Greater than 11% 7% Not applicable/do not know 17% 50 percent of the respondents indicated that 1-3 percent of their department's overall IT budget is allocated to information security.
22 2. Does your enterprise provide training to employees (at least annually) to identify and report suspicious activities? Yes 56% Yes, but only where mandated by laws/regulations 11% No 22% Not applicable/do not know (please describe below) 11% 56 percent of the respondents indicated that they provide training (at least annually) for employees to identify and report suspicious activities
23 4. Which of the following are the top three privacy concerns to your State? Unauthorized access to personal information 89% Managing third-party (contractors, service providers, 38% Intra-governmental sharing of information 20% Managing individual agency privacy requirements Aligning operational practices with policies Web-enabled systems and services 29% 27% 33% Cross-border flows of personal information 13% Internal privacy awareness and training 22% None of the above 2% Not applicable/do not know 7% The top three privacy concerns are unauthorized access to personal information (89 percent), followed by managing third-party (38 percent) and aligning operational practices with policies (33 percent).
24 1. Which statement best describes the level at which your State handles third party (contractors, service providers, business partners) security capabilities, controls & agency dependencies? Third-party security capabilities and controls are unknown 23% Knowledge of third-party security capabilities, controls and agency dependencies are identified 36% Knowledge of third-party security capabilities, controls and agency dependencies are identified and assessed 18% Knowledge of third-party security capabilities, controls and agency dependencies are regularly reviewed and tested 7% Not applicable/do not know 16% 36 percent of the respondents indicated that they have identified the knowledge of third-party security capabilities, controls, and agency dependencies; 23 percent indicated that the third-party security capabilities and controls are unknown.
25 2. How confident are you in the information security practices of your third parties (contractors, service providers, business partners)? Not very confident 20% Somewhat confident 69% Very confident 7% Extremely confident 2% Not applicable/do not know 2% 69 percent of the respondents indicated they are somewhat confident in the information security practices of their third parties whereas only seven percent indicated that they are very confident in the third party information security practices.
26 Growing IT Security Risks in the States Protecting legacy systems Expansion of wireless networks Online transactions Use of social media platforms Mobile devices and services Use of personally-owned devices (BYOD) for state business Adoption of cloud services; rogue cloud users Consumer digital devices in the workplace Third-party contractors and managed services
27 Business objectives Governance Acquisition strategy Jurisdictional issues Security and privacy concerns Policy and legal issues Exit strategy
28 Apply existing security framework and policies Consumer cloud vs. industrial strength Test drive: start with private cloud 3rd party contracts protect state interests Enable legitimate business use Monitor & control unauthorized use Leverage FedRAMP
29 Today's State IT Workforce: Under Pressure State CIOs say % of state IT employees eligible for retirement within the next five years Fiscal stress - hiring freezes and elimination of vacant positions Nearly two-thirds say they anticipate having to reduce IT staff IT Security positions are difficult to recruit and retain Source: NASCIO State IT Workforce: Under Pressure, January 2011
30 Challenges Recruiting IT Security Professionals Skills and disciplines that present a challenge to fill Security 52.4% Project Management App & Mobile App 47.6% 50.0% Architecture 47.6% Analysis and Design 42.9% Comparison of total percentage of responses Source: NASCIO State IT Workforce: Under Pressure, January 2011
31 DHS National Cyber Security Review (NCSR): 2011 Baseline Assessment of the States Comprehensive risk-based survey of states and large urban areas Focus on 12 control areas using maturity model approach Key findings: identification of capabilities and gaps Potential areas to focus security programs for improvements Tool that can be used for additional cybersecurity reviews Metrics for cybersecurity investment justifications Reports to each respondent providing best practices and recommendations to improve cybersecurity posture What did we learn? States have major gaps in key areas
32 Looking Ahead: Action Items for States More education and awareness of the risks More IT consolidation, shared services Consider NASCIO's Core Services Taxonomy for IT Security programs Outsourcing: more steering, less rowing IT implications of healthcare reform More intra-state, inter-state and federal collaboration Demand for performance, results State Centers of Excellence for cyber education & research Extending the enterprise: locals? Massive collaboration - Web 2.0 Funded research, scholarships, internships Sharing best practices, recognition
33 NASCIO Cybersecurity Call to Action Key Questions for State Leaders Have you created a culture of information security in your state government? Have you adopted a cybersecurity framework, based on national standards & guidelines? Have you acquired continuous vulnerability management capabilities? Have you documented the effectiveness of your cybersecurity with metrics and testing? Have you developed security awareness training for workers and contractors?