NASCIO guide writer's aim: Make cybersecurity awareness a way of life for public-sector CIOs
By Trudy Walsh
Aug 07, 2002
Former Kansas CIO Don Heiman recommends that planners involve every government worker with a stake in security in discussions to develop cybersecurity strategies.
The National Association of State Chief Information Officers last month issued a report on IT security titled Public-Sector Information Security: A Call to Action for Public-Sector CIOs. The report is available at www.nascio.org/2001/11/securityforum011113-14.cfm
The report is based on discussions at a November forum on IT security sponsored by NASCIO.
Written by Don Heiman, former CIO of Kansas, the 43-page report makes 10 recommendations for a successful response to cybersecurity threats and attacks:
- Make sure all government workers with a stake in security are involved in discussions about it
- Develop ways to measure enterprise success
- Adopt objectives for implementing and managing IT systems
- Develop security metrics that accurately measure unwanted intrusions, security breaches and vulnerabilities
- Develop state enterprise architectures that include security as an underlying domain
- Develop a business case for security based on a full risk assessment of infrastructure vulnerabilities
- Deploy automated and manual security technologies based on asset inventories and application criticality
- Develop a state security portal that includes emerging technologies for emergency response such as intelligent roads and radio-frequency infrastructure
- Establish an interstate security information sharing and analysis center funded at least partially by the federal government
- Develop model state legislation that lets local, state and federal agencies confidentially share security incident reports
Heiman called the report a call to action because it was "written with a sense of urgency and dedicated to the victims and families of the Sept. 11 attacks on America."
"We can't honestly say everything has changed since Sept. 11 unless we really look inside ourselves and make security more than just a narrow professional discipline, but a way of life," Heiman said.
Trudy Walsh is a senior writer for GCN.