Advancing Digital Government: Better Decision-Making Through Data Sharing Agreements

/in , , /by

This report describes the purpose and the principles for creating data sharing agreements as well as enterprise wide memorandum of understanding (MOU).  The intent is to avoid surprises and ensure everyone involved knows the parameters for sharing certain types of information.  When possible, enterprise MOUs should be in place that encourage information sharing.  The ultimate outcome is better informed decisions so state government is reaching the outcomes it is seeking for its citizens.
Download

 

NASCIO and NASPO Topical Roundtable

/in /by

In continuing their shared interests in working together to improve IT procurement, NASPO and NASCIO have developed an action plan for navigating the ever-changing terrain shaping state procurement efforts and information technology updates. The action plan addresses several key areas of state government common to both specialties, including governance and organizational structure; teaming and roles; interactions and processes; and budgeting and forecasting.

 

Download

 

 

State CIO Top Ten Policy and Technology Priorities for 2017

/in , , , , , , , , /by

NASCIO conducts a survey of the state CIOs to identify and prioritize the top policy and technology issues facing state government. The CIOs top ten priorities are identified and used as input to NASCIO’s programs, planning for conference sessions, and publications.

 

Download

 

 

State Cybersecurity Resource Guide

/in /by

The National Association of State Chief Information Officers (NASCIO) supports National Cybersecurity
Awareness Month, now in its 13th year. State CIOs and the programs they administer have supported
cybersecurity awareness month from its inception, and states address IT security and privacy awareness,
education, and training on a year-round basis.

For the 2016 observance, NASCIO has updated its Resource Guide for State Cybersecurity Awareness, Education, and Training Initiatives. This guide includes:

  • Updated information on state awareness programs, initiatives and best-practice information;
  • Contact information for state chief information security officers (CISOs);
  • Hyperlinks to state security and security awareness pages; and
  • Information describing cybersecurity awareness, training, and education initiatives.

The Resource Guide is a working document that should prove a valuable resource for Cybersecurity Awareness Month, as well as the ongoing planning of security awareness and training efforts state programs may undertake thereafter.

 

Download

The 2016 State CIO Survey: The Adaptable State CIO

/in , , , , , , , , , , , , , /by

NASCIO, Grant Thornton LLP and CompTIA have collaborated for a seventh consecutive year to survey state government IT leaders on current issues, trends and perspectives. New service delivery models, innovative technology solutions, and rising customer expectations all require state CIOs to adapt continually to changing circumstances. We asked state CIOs to share their perspective on a number of topics, with a particular focus on the continued evolution of the CIO as a broker of shared services, on the IT workforce challenges facing CIOs, and on the use of data management and analytics at an enterprise level. These topics all involve CIOs looking into the future and adapting their strategies and plans to address a state IT and business environment that is becoming ever more complex. Cybersecurity, cloud solutions, mobility, procurement, cross-jurisdictional collaboration and privacy represent other high priority topics covered in the survey.

 

 

 

Download

2016 Deloitte-NASCIO Cybersecurity Study – State Governments at Risk: Turning Strategy and Awareness into Progress

/in /by

This study reports findings and analysis of a comprehensive survey of State Chief Information Security Officers (CISOs) conducted by NASCIO in partnership with Deloitte. The results of the 2016 Deloitte-NASCIO Cybersecurity Study highlights the fact that challenges still exist, but cybersecurity is becoming part of the fabric of government operations.

The following key themes emerged from our analysis:

  • Governor-level awareness is on the rise. The survey results indicate that governors and other state officials are receiving more frequent updates from CIOs/CISOs. Despite an increase of reporting, a confidence gap still exists between IT and the business, emphasizing the need for better communication of cyber risks.
  • Cybersecurity is becoming part of the fabric of government operations. The state government CISO role has become more consistent in terms of functions and responsibilities. Top three cybersecurity initiatives in 2016 include training and awareness, monitoring/security operations centers (SOC), and strategy.
  • A formal strategy and better communications lead to greater command of resources. States taking a proactive approach to strategy setting and communication are more likely to see improvements in funding and access to talent. Survey shows 16 out of 33 states with an approved strategy reported they had an increase in budget.
  • There is a need to rethink talent strategies. The nature of what states have to offer workers has changed. States are pointing to job stability and the opportunity to “give back and make an impact” as compelling reasons to gravitate towards state employment. These—along with a rich training and development program – are becoming the basis for a campaign to recruit millennial talent.

 

Download

Better Decisions, Better Government: Effective Data Management Through a Coordinated Approach

/in , , , , /by

This report describes the basics of how to get started with a data management discipline. It maintains a simple approach to gaining support including governance, bringing together the right stakeholders, and establishing a compelling business case. This report is the second in a series of reports that deals with WHY is data management important; HOW does state government get started.

Download

 

Value and Vulnerability: The Internet of Things in a Connected State Government

/in , , , , , , /by

States are finding that the “Internet of Things” (IoT) can improve efficiency, reduce waste and connect citizens to state services in faster and more affordable ways. But with that value comes vulnerability. States must consider security, privacy, accessibility and standardization when crafting a roadmap for IoT. This policy brief describes ways that states are currently implementing IoT, possibilities for the coming years, and recommendations on avoiding difficulties along the way.

 

Download

Advanced Cyber Analytics

/in , , , , , , , , /by

This report examines the subject of advanced cyber analytics.  It makes the case for states to invest in such capabilities and maintain ongoing maturity in advanced analytics.  All organizations, including state government must also develop and maintain response capabilities that continuously mature in sophistication in order to keep pace with an ever changing threat landscape. State government remains in a defensive position.  With the advent of multi-vector strategies by cyber criminals, state government now more than ever needs the ability to correlate disparate data sources generated from the myriad of security tools agencies have already invested in.  Examples of advanced analytics tools are provided.  The report includes a call to action list, a checklist, key questions, and recommendations.

Download

 

Cyber Disruption Response Planning Guide

/in , , , , , , , , , /by

 

State government must now view cyber attacks that are more than cyber incidents.  We must prepare for larger magnitude events.  These can be termed cyber disruptions, disasters or even catastrophes.  This publication includes the following:

  • A call to action for states to develop state cyber disruption response plans that include: a governance structure that clearly designates who is in charge in a given event or phase of an event; development of a risk profile for state assets; collaboration among the various agencies that have cyber responsibility; and a communication plan to ensure the right people have the right information as early as possible so they can response effectively.
  • A checklist for states to work with in developing progress toward a cyber disruption response operating discipline.
  • A cross functional process description that can be used as a starting point for states to develop their own unique cross functional process for orchestrated planning and response at various threat levels.

 

Download