SMART LEAN GOVERNMENT NASCIO. Direction, State Experiences and Federated Identity Management. April 29, 2014

Similar documents
State of the States: IT Trends, Priorities and Issues

Cybersecurity in the States 2012: Priorities, Issues and Trends

The Imperative for High Assurance Credentials: State Identity Credential and Access Management (SICAM) Guidance and Roadmap

The Digital Identity Ecosystem of the States: Securing the Enterprise

State of the States: Priorities, Trends and Issues NCSL Fall Forum December 6, 2013

Under the Digital Dome: State IT Priorities, Trends and Perspectives

Emerging Trends in Information. Impacting the States

State Governments at Risk: The Data Breach Reality

Forces of Change: Perspectives and Trends on State Information Technology 2015 Annual NAJIS Conference October 6, 2015

IT Trends and the Cyber Security Agenda

Office of Emergency Communications (OEC) Mobile Applications for Public Safety (MAPS)

National Cyber Security Policy -2013

Key Cyber Risks at the ERP Level

Destination: Advancing Enterprise Portfolio Management First Stop: Issues Management

Trends. AAMVA 2012 International Conference August 21, 2012

Commonwealth IT Threat Management: Keeping Out the Cyber Villains Category: Cyber Security Initiatives. Initiation date: January 2012

Multi-Jurisdictional Provision of Audio, Video, and Web Conferencing Services

State CIOs, Emerging Trends and the Forces of Change

CYBER SECURITY, A GROWING CIO PRIORITY

DoD CIO s 10-Point Plan for IT Modernization. Ms. Teri Takai DoD CIO

The Virginia Corrections Information System (VirginiaCORIS)

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES

2012 Deloitte-NASCIO Cybersecurity Study State Officials Questionnaire - Aggregate Results (NASACT)

CHAPTER 3 : INCIDENT RESPONSE THREAT INTELLIGENCE GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

2015 Michigan NASCIO Award Nomination. Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy

THE SECURITY EXECUTIVE S GUIDE TO A SECURE INBOX. How to create a thriving business through trust

Cybersecurity: Mission integration to protect your assets

Security Analytics for Smart Grid

Nanci Knight IBM Academic Initiative Ecosystem Development Relationship Manager West Region cell:

NATIONAL CYBER SECURITY AWARENESS MONTH

Partnership for Cyber Resilience

Changing the Enterprise Security Landscape

Implementing Practical Information Security Programs

Cybersecurity and Privacy Hot Topics 2015

STATEMENT BY DAVID DEVRIES PRINCIPAL DEPUTY DEPARTMENT OF DEFENSE CHIEF INFORMATION OFFICER BEFORE THE

MICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL

CYBER SECURITY: PERILS AND OPPORTUNITIES

Office of the Chief Information Officer

Risk Analytics for Cyber Security

Into the cybersecurity breach

State of Minnesota. Enterprise Security Strategic Plan. Fiscal Years

Securing the Future: Mobile Applications for Public Safety (MAPS)

The Heart of the Matter:

SOCIAL MEDIA MOBILE DEVICES CLOUD SERVICES INTERNET OF THINGS (IOT)

IRM FY Information Resources Management Strategic Plan

Cyber Security. John Leek Chief Strategist

Cybersecurity The role of Internal Audit

Services. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure

New York State Department of Financial Services. Report on Cyber Security in the Insurance Sector

Agency for State Technology

Hans Henrik Berthing, CPA, CISA, CGEIT, CRISC, CIA

2011 Cyber Security and the Advanced Persistent Threat A Holistic View

National Initiative for Cyber Security Education

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors

New York State Department of Financial Services. Report on Cyber Security in the Banking Sector

Developing a robust cyber security governance framework 16 April 2015

SECURITY AT THE EDGE: PROTECTING MOBILE COMPUTING DEVICES PART II: POLICIES ON THE USE OF PERSONALLY OWNED SMARTPHONES IN STATE GOVERNMENT

Managing Data as a Strategic Asset: Reality and Rewards

State IT Workforce: Recruiting and Retaining Tech Talent NCSL Legislative Summit Minneapolis, MN August 19, 2014

The Cyber Security Leap: From Laggard to Leader. April 2015

Aalborg Universitet. Cyber Assurance - what should the IT auditor focus on? Berthing, Hans Henrik Aabenhus. Publication date: 2014

State of Minnesota IT Governance Framework

INFRAGARD.ORG. Portland FBI. Unclassified 1

Written Testimony. Dr. Andy Ozment. Assistant Secretary for Cybersecurity and Communications. U.S. Department of Homeland Security.

11/27/2015. Cyber Risk as a Component of Business Risk: Communicating with the C-Suite. Conflict of interest. Learning Objectives

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015

Cyber ROI. A practical approach to quantifying the financial benefits of cybersecurity

Managing cyber risks with insurance

September 10, Dear Administrator Scott:

RETHINKING CYBER SECURITY Changing the Business Conversation

Enterprise Security Tactical Plan

ITCC. November 18,2015 ITD Room 438

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008

12/11/15. Evolving Cybersecurity Risks. Agenda. The current cyber risk landscape Overview. Results on EY s Global Information Security Survey

NASCIO 2014 State IT Recognition Awards

Building a Roadmap to Robust Identity and Access Management

TESTIMONY OF STEVE COOPER DEPARTMENT OF COMMERCE CHIEF INFORMATION OFFICER BEFORE THE SUBCOMMITTEES ON

Fostering Incident Response and Digital Forensics Research

Enterprise Architecture Maturity Model

Network Security Deployment Obligation and Expenditure Report

Cybersecurity Enhancement Account. FY 2017 President s Budget

Public Safety and Homeland Security. National Broadband Plan Recommendations

Security for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape

STATE OF MARYLAND 2017 INFORMATION TECHNOLOGY MASTER PLAN (ITMP) Department of Information Technology David Garcia; State CIO

Avoiding chaos on the mobile transformation journey. Barriers to true mobile transformation.

Address C-level Cybersecurity issues to enable and secure Digital transformation

CYBER SECURITY GUIDANCE

The Enterprise Imperative:

Incident Response 101: You ve been hacked, now what?

Defining a Secure Mobile Framework Architecture at DHA

CONNECTING WITH CONFIDENCE: OPTIMISING AUSTRALIA S DIGITAL FUTURE. AIIA Response

Statewide Electronic Collision and Ticket Online Records (SECTOR)

Arizona Department of Homeland Security

10 Smart Ideas for. Keeping Data Safe. From Hackers

THE 411 ON CYBERSECURITY, INFORMATION SHARING AND PRIVACY

Cybersecurity Best Practices in Mortgage Banking. Article by Jim Deitch October 2015

NGA Paper. Act and Adjust: A Call to Action for Governors. for cybersecurity;

Note: NASCA is in the process of collecting the top pain points for 2016.

DEFENSE INFORMATION SYSTEMS AGENCY STRATEGIC PLAN UNITED IN SERVICE TO OUR NATION

Transcription:

SMART LEAN GOVERNMENT NASCIO Direction, State Experiences and Federated Identity Management April 29, 2014 Eric Sweden, Program Director, Enterprise Architecture & Governance

Overview Enterprise.... Federation.... Ecosystem Cross-Jurisdictional Joining Up Enablers Identity Management Smart Lean Rationalize Optimize Simplify

A. Priority Strategies, Management Processes and Solutions Move First 1. Security 2. Consolidation / Optimization 3. Cloud Services 4. Project and Portfolio Management 5. Strategic IT Planning 6. Budget and Cost Control 7. Mobile Services / Mobility 8. Shared Services 9. Interoperable Nationwide Public Safety Broadband Network (FirstNet) 10.Health Care Source: NASCIO State CIO Survey, November 2013

A. Priority Strategies, Management Processes and Solutions Security: risk assessment, governance, budget and resource requirements, security frameworks, data protection, training and awareness, insider threats, third party security practices as outsourcing increases, determining what constitutes due care or reasonable Source: NASCIO State CIO Survey, November 2013

A. Priority Strategies, Management Processes and Solutions Project and Portfolio Management: project management discipline, enterprise portfolio management (EPM), oversight, portfolio review, IT Investment Management (ITIM), training/certification of staff, traceability to mission and strategy, scope management, execution Source: NASCIO State CIO Survey, November 2013

A. Priority Strategies, Management Processes and Solutions Project and Portfolio Management: project management discipline, enterprise portfolio management (EPM), oversight, portfolio review, IT Investment Management (ITIM), training/certification of staff, traceability to mission and strategy, scope management, execution Source: NASCIO State CIO Survey, November 2013

Source: NASCIO State CIO Survey, November 2013

IT Project and Portfolio Management Widely implemented but generally not effective Need enterprise-wide governance Good at monitoring ongoing projects Ineffective in driving IT investment

IT Project and Portfolio Management

IT Project and Portfolio Management

IT Project and Portfolio Management 37% of State CIOs - Portfolio Management Practices are Effective Keys to Effective IT Investment Management Statewide Standards for Business Cases Stronger Executive-Level Engagement Strong Enterprise-wide Oversight Role by CIO

NASCIO on Enterprise Portfolio Management

State CIO Challenge Balancing Needs and Resources Enterprise Architecture - the path to Government Transformation

Many Portfolios Policies Opportunities Obligations Risks Mandates Constituents Portfolios Populations Roles Technologies Special Interests Lines of Business Best Practices

Enterprise Architecture Value Chain Observe the Contextual Environment Fiscal Circumstances Macroeconomics Customer Expectations Customer Behavior Regulations New Technology Competition Mandate Observe the Need or Opportunity (Market) SWOT Analysis Risks Analysis Assumptions Policies Stakeholders Supply / Demand Economics Access Decisions Determine Strategic Business Intent Mission Vision Goals Objectives Strategies Performance Enable Strategic Business Intent Business Relationships Processes Information Organizations Value Chains Management Initiatives Analytics / Six Sigma Balanced Scorecard Geospatial Capabilities Records Management Security Capabilities Enterprise Architecture - the path to Government Transformation

Issues Portfolio Enterprise Architecture - the path to Government Transformation

Issues Portfolio Observe the Contextual Environment Environmental Natural Resources Public Health Fiscal Circumstances Macroeconomics Customer Expectations Customer Behavior Regulations New Technology Competition Mandate Surfaces Business Needs Economics Public Safety Defense Education Enterprise Architecture - the path to Government Transformation

Public Health Portfolio Public Health Health Equity Primary Care Workforce Adequacy & Capacity of Governmental Health Infrastructure Health Quality Health Information Exchange Pandemic / Emergency Preparedness Substance Abuse Enterprise Architecture - the path to Government Transformation

Public Safety Portfolio Public Safety Protecting & Supporting Victims of Crime Human Trafficking Recidivism Securing Borders Crime Prevention Pandemic / Emergency Preparedness Substance Abuse Substance abuse what is happening here? Enterprise Architecture - the path to Government Transformation

Inter-related Public Sector Spheres Economics Public Health Public Safety Education

NASCIO Rendering of the Issue Management Council s Original Issue Management Process Model Issue Identification Evaluation of results Issues Analysis Issue action program Issue change strategy http://issuemanagement.org/learnmore/origins-of-issue-management/

NASCIO EA Value Chain Expanded Evaluation Prioritization Requirements Requirements Requirements Requirements Business Need Business Need Business Need Business Need Business Need Business Need

IT Procurement Widespread adoption of reforms is slow Two Major Focus Areas for this survey contract terms & conditions the procurement process

IT Procurement Challenges Lengthy process Risk averse nature inhibits innovation Identify and mitigate all perceived risks Equitable sharing of risk

IT Procurement Recommendations Recommendations Establish a reasonable cap on vendor financial exposure Adopt license rather than acquisition Limit indemnification obligations to tangible losses injury death damage

IT Procurement How would you rate the effectiveness of your IT procurement process?

IT Procurement

Cybersecurity Most states have adopted continuous vulnerability testing Challenges documenting program effectiveness developing cybersecurity disruption response plans

Cybersecurity Threats Require formal strategy Adequate resources Constant vigilance

Cybersecurity Threats

Identity and Access Management Half of the states have an IAM model implemented or under way Some states are extended their IAM model to include citizens Who are you? Can you prove it?

Identity and Access Management

Identity and Access Management

9. For identity and access management, how would you classify your state s progress? (State Government only) 26% 40% 23% A. My state has an enterprise approach to identify and access management. B. My state has a siloed and incompatible identity management systems, but we want to move to an enterprise approach. C. There have been discussions on identity management systems, but little progress has been made D. It s just not a priority at this time 11%

Cross Jurisdictional Collaboration Most states include on strategic agenda Challenges governance turf

Cross Jurisdictional Collaboration

Cross Jurisdictional Collaboration Types of services states are providing particularly to local government

Cross Jurisdictional Collaboration

Cybersecurity Cybersecurity continues to be one of the most pressing challenges facing State Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) today. Security threats to states have been widely reported, however the nature of the game has changed. Cybercriminals and hacktivists a new breed of hacker with a political or social agenda use increasingly sophisticated methods involving rapidly evolving technologies to target cyber infrastructure for monetary gain and to make political statements.

Cybersecurity

Cybersecurity

Cybersecurity

10. Which security risk concerns you the most? (State Government only) 7% 15% 11% 9% A. End-user downloads of non-approved apps B. Insider threats C. Email malware and phishing D. Mobile devices and BYOD E. Sophisticated, pre-meditated attacks by hackers 59%

Identity and Access Management

Scaling Interoperable Trust through a Trustmark Marketplace John Wandelt john.wandelt@gtri.gatech.edu Georgia Tech Research Institute October 2013

Smart Lean Government (SLG) 21 st Century Collaborative Solutions Serving Customers More Responsively, Quickly, Efficiently April 29, 2014 Presented by: Eric Sweden NASCIO Advancing Government through Collaboration, Education and Action

Resources Cyberspace Law: Identity Management Legal Task Force https://apps.americanbar.org/dch/committee.cfm?com=cl320041 CyberSecurity Newsbriefs http://www.infoinc.com/nascio_cybersecurity/mailinglist.cfm?formid=1&serviceid=466 EA Newsbriefs http://www.infoinc.com/nascio_enterprisearchitecture/mailinglist.cfm?formid=1&serviceid=487 The Heart of the Matter: A Core Services Taxonomy for State IT Security Programs October 2011 www.nascio.org/publications

Connect with NASCIO... www.nascio.org www.facebook.com www.linkedin.com www.youtube.com/nasciomedia www.twitter.com/nasci o Eric Sweden MSIH MBA Program Director, Enterprise Architecture & Governance NASCIO 201 East Main Street, Suite 1405, Lexington, KY 40507 USA 859.514.9189 esweden@nascio.org Thank You!

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information