2012 Deloitte-NASCIO Cybersecurity Study – State Governments at Risk: A Call for Collaboration and Compliance

This study reports findings and analysis of a comprehensive survey of State Chief Information Security Officers conducted by NASCIO in partnership with Deloitte in July and August of 2012. Both a repeat and extension of a Deloitte-NASCIO survey originally conducted in 2010, it documents the relative strengths and weaknesses of the security programs that protect state governments’ vital systems and data. The study identifies areas of concern expressed by state CISOs, and provides a call to action for state CIOs and policy officials on the critical need to support and enhance cybersecurity programs.


NASCIO Cyber Security Awareness Resource Guide

For the 2012 observance of National Cyber Security Awareness Month, NASCIO has updated its Resource Guide for State Cyber Security Awareness, Education, and Training Initiatives. The guide includes new information from our state members, who provided examples of state awareness programs and initiatives. This is an additional resource of best-practice information, together with an interactive state map that lets users drill down to the actual resources that states have developed or are using to promote cyber awareness. It includes contact information for the CISO, hyperlinks to state security and security awareness pages, and information describing cyber security awareness, training, and education initiatives.

The Resource Guide is a work-in-progress that should provide a valuable reference resource for Cyber Security Awareness Month, as well as the ongoing planning of security awareness and training efforts state programs may undertake thereafter.

 


Why Should Government Join Up? Why now? What do we gain?

Maintaining and increasing government service delivery in the current economic circumstances is nearing the impossible. What is the answer? Part of the answer is the formation of collaborative relationships across agencies and jurisdictions to share and, in some circumstances, consolidate investments. State and local governments cannot afford to go it alone. Through collaborative governance structures, jurisdictions can pool funding, increase buying power, remove or reduce redundant investments in technology, and actually make significant gains in the quality of service.

 


The State Identity Credential and Access Management Guidance and Roadmap (SICAM)

The State Identity and Credential Access Management (SICAM) Guidance and Roadmap outlines a strategic vision for state-based identity, credential, and access management efforts, and emphasizes the importance of implementing the SICAM architecture and services in support of the challenges associated with trust, interoperability, security, and process improvement. States can, and should, provide a secure, auditable environment for the processing and exchange of information across the entire spectrum of state business. This guidance promotes an enterprise approach, and it is essential that state governments take the initiative to ensure the integrity of the data entrusted to them and provide a high level of security and privacy to citizens, customers, and partners.

 


Is Big Data a Big Deal for State Governments? The Big Data Revolution – Impacts for State Government – Timing is Everything

The volume and velocity of data creation are at an all-time high – and are accelerating. State government is a veritable data engine creating vast amounts of data from a vast number of sources. That data is being used to comply with regulations; uncover fraud, waste and abuse; and ultimately improve the lives of citizens. The sky is the limit in terms of future data generation based on the growth in mobile applications, sensors, cloud services and the growing public-private partnerships that must be monitored for performance and service levels, according to NASCIO’s latest in its series of issue briefs on analytics – “Is Big Data a Big Deal?”

In this issue brief, the universe of “big data” will be explored in order to:

  • Create a foundation preliminary to further description and exploration in future briefs, conference sessions and innovations forums.
  • Set common characteristics of big data versus simply lots of data.
  • Emphasize the necessity of data governance and data management within a broader state government enterprise architecture.
  • Present some early recommendations for state government regarding big data.


Leaving Performance Bonds at the Door for Improved IT Procurement

This is the second in a series of briefs on IT procurement modernization. The brief focuses on performance bond trends for state IT projects and is intended to give an overview of how the surety market has significantly changed because of a wave of factors external to the IT industry. The amount of readily available performance bonds has become a challenge and, in some instances, bond companies have begun to require companies to partially or fully collateralize performance bonds with bank letters of credit. In order for states to lower costs and create a competitive procurement pool, states need to consider finding ways of leveraging existing protections and adjusting performance bond requirements if necessary. This brief was developed in partnership with TechAmerica and with contributions from the National Association of State Procurement Officials (NASPO).

 


Leveraging Enterprise Architecture for Improved IT Procurement

This brief seeks to present an overview of how the discipline of Enterprise Architecture (EA) can be used to improve and lower costs of state IT procurement. The degree of EA maturity in states can vary as much as the very rules that govern IT procurement, but a closer look will provide guidance on alignment of these vital functions of government. As stewards of tight budgets, it is imperative that state chief information officers (CIOs), state procurement officials, and other state leaders find the best values and are accountable for IT investments. State leaders should consider the benefits of aligning IT procurement and enterprise architecture not only as a way to deliver IT services more effectively, but also as a way to find savings through streamlined investments. This brief was developed in partnership with TechAmerica and with contributions from the National Association of State Procurement Officials (NASPO).

 


A Golden Opportunity for Medicaid IT Transformation: State CIOs and the MITA Framework

This is an unprecedented time for health IT in the United States, and the backbone of achieving lower costs, better health outcomes, and system interoperability relies on an enterprise view. In response to the CMS release of Medicaid Information Technology Architecture (MITA) 3.0, the NASCIO Health Care Working Group has formulated guidance to states as they navigate Medicaid IT transformation. NASCIO continues to be an advocate for enterprise solutions and views the MITA framework as a way state CIOs can decouple legacy systems and break down existing silos in state government. State CIOs grasp the importance of modernizing the Medicaid enterprise in a way that is flexible, interoperable, and takes into consideration emerging technologies like cloud computing. In addition to emphasizing conformity to the MITA vision, the report calls attention to emerging security threats in the states and the importance of protecting personally identifiable information and personal health information.

 


Capitals in the Clouds Part IV – Cloud Security: On Mission and Means

This brief presents an emphasis on the cultural and organizational aspects of cloud computing. “Cloud services” imply shared services. When agencies come together to share such a resource there will necessarily have to be an evaluation of the variance in security policies in place in the various partner agencies. Engaging external cloud services can be quite risky if such services have not been properly vetted by state security staff. Much education, awareness, and ongoing communication will be required to ensure state government employees are fully aware of the risks of external cloud services. The imperative for states is to stay connected and maintain the dialogue, sharing intentions and solutions, as state government moves forward with adoption of cloud services. Cloud is not the only solution or avenue for sharing resources. When it is the right solution, it must be employed with proper attention to the security aspects of cloud services, particularly with external cloud services.


Capitals in the Clouds Part III – Recommendations for Mitigating Risks: Jurisdictional, Contracting and Service Levels

Cloud computing will continue to be an invaluable resource for state and local governments in their efforts to rationalize and optimize computing resources. Cloud computing should be seen as an IT innovation that can support rationalization and optimization of business services as well as IT services. Due diligence prescribes the necessity of exploring and evaluating jurisdictional issues in order to ensure long term sustainability and growing adoption of collaborative government operations in state and local government.
