Resource Guide for State Cyber Security Awareness, Education, and Training Initiatives

For the observance of the sixth annual National Cyber Security Awareness Month, NASCIO has created a Resource Guide of examples of state awareness programs and initiatives. The compendium augments previously gathered information with data from a just-completed, short survey of state CISOs. It includes links to state security awareness pages, contact information for state CISOs, and information describing cyber security awareness, training, and education initiatives that target four categories: Executives/Elected Officials; Citizens; State Workers; and IT Security Personnel.

The Resource Guide is a work-in-progress that should provide a valuable reference resource for Cyber Security Awareness Month, as well as the ongoing planning of security awareness and training efforts state programs may undertake thereafter.



HITECH in the States: Action List for State CIOs

In recent years, health information technology has grown from a burgeoning trend to a top policy priority for NASCIO as state CIOs from across the nation have become increasingly involved in health IT initiatives in their states. With billions of dollars now allocated to flow into health IT and health information exchange (HIE) initiatives around the country under the American Recovery and Reinvestment Act (ARRA), this trend is only poised to accelerate. HITECH in the States: Action List for State CIOs examines the impact on states—and the implications for state CIOs—of the HITECH Act (ARRA’s health IT requirements) and outlines four broad areas in which state CIOs can have an immediate, and long-term, impact in regards to HIE: Planning, Governance, Financing/Sustainability and Policy. Additionally, this brief highlights the questions that state CIOs should be asking as they work to begin exploring their role within these HIE efforts and also features the affect of the HITECH Act on the Medicaid IT Architecture (MITA) initiative.



States Run on IT

NASCIO and its Corporate Leadership Council collaborated to create “States Run on IT”.

A fresh look at the computing environment and technical infrastructure will help state government better serve 21st century citizens. Citizens demand mobile, responsive, and technology-enabled government services that are delivered as conveniently as online banking or shopping. The most effective and efficient businesses work at the speed of information and the best governments should too. Does yours?

This document is intended to start a dialogue.

  • Use it to introduce the topic to newly elected or appointed officials.
  • Leave it as a take away when you meet with IT funding decision makers.
  • Use it to help us carry a consistent message to public sector leaders.



Security at the Edge — Protecting Mobile Computing Devices

The business of government is increasingly conducted or supported by mobile computing devices as states adopt these tools to un-tether traditional office workers from their desks or employ them for a wide variety of purposes in the field. Use of mobile devices is so widespread that it is difficult to imagine how state governments can operate without them, given their increased computing power and the ease with which they may be integrated with state networks and databases via the Internet. At the same time, however, mobile devices are unusually vulnerable to loss, theft, mis-use, or misconfiguration, which can and does lead to the loss of sensitive data. Security at the Edge highlights the risks associated with uncontrolled use of mobile devices, and targets the standards and procedural controls that allow state CIOs to better secure them.



Data Governance Part III: Frameworks – Structure for Organizing Complexity

This issue brief presents the concept of frameworks that describes what constitutes a data governance program, with a focus on frameworks from the Data Management Association (DAMA), the Data Governance Institute (DGI), and IBM. Use of frameworks can assist state government in planning and executing on an effective data governance initiative. They assist in achieving completeness in a program. In any subject or discipline frameworks and maturity models assist in describing the scope – both breadth and depth – of an initiative. This holds true as well for data, information and knowledge management.



Profiles of Progress 3: State Health IT Initiatives

The passage of the American Recovery and Reinvestment Act (ARRA), which allocated billions of dollars to flow into health IT initiatives across the country, has ushered forth a new era for health IT. This is an unprecedented moment for healthcare stakeholders and government, at all levels, to invest significant resources toward health IT and health information exchange initiatives. This compendium, “Profiles of Progress 3: State Health IT Initiatives,” is a product of NASCIO’s Health IT Working Group. It provides a state-by-state “snapshot” of progress that each state has made toward developing and implementing health information exchange and other health IT initiatives. It specifically examines the role of the state CIO in these efforts, and also includes an overview of the implications for health IT since the passage of the ARRA.



Data Governance Part II: Maturity Models – A Path to Progress

Data governance maturity models provide a foundational reference for understanding data governance and for understanding the journey that must be anticipated and planned for achieving effective governance of data, information and knowledge assets. This report continues to build on the concepts presented in Data Governance Part I. It presents a portfolio of data governance maturity models.


Desperately Seeking Security Frameworks – A Roadmap for State CIOs

State CIOs, chief security officers, and the IT security professionals who work with them face a challenging and sometimes confusing array of security frameworks – these may be pushed down by Federal agencies, issued by national or international standards bodies, promoted by industry as best practice, or in some instances, be written into law or federal regulation. Desperately Seeking Security Frameworks provides an overview of the primary security standards, regulations, and laws that impact state IT security programs, highlights how states have used the frameworks to shape their security architectures, policies, standards, and controls, and identifies the key issues for CIOs as they establish and maintain IT security programs.



Digital States at Risk!: Modernizing Legacy Systems

A product of NASCIO’s Legacy Systems & Modernization Working Group, this report is based on the findings of its 2008 national survey of state CIOs. The report provides an assessment of states’ primary points-of-concern as they relate to legacy system modernization and provides insight into strategies, options and approaches states are considering as they move towards a modern IT enterprise environment.



State CIO Top Ten Policy and Technology Priorities for 2009

Each year NASCIO conducts a survey of the state CIOs to identify and prioritize the top policy and technology issues facing state government. The CIOs top ten priorities are identified and used as input to NASCIO’s programs, planning for conference sessions, and publications.
