Cyber commanding greater attention in states
- By Matt Leonard
- Aug 22, 2018
Risk assessments and cybersecurity metrics are the two top initiatives for state chief information security officers, according to a survey by the National Association of Chief Information Officers.
Risk assessment has been an ongoing concern cited by CISOs in the biennial NASCIO surveys that were first conducted in 2010. This year, however, marks the first time metrics to measure and report effectiveness has been among top initiatives.
The 2018 report found 30 percent of CISOs are providing cybersecurity reports to governors on a monthly basis.
Missouri CISO Michael Roling said he’s witnessed increasing interest in cybersecurity issues from leadership. When he started as CISO, he reported to the governor on an ad hoc basis, but now, thanks to a formalized strategy, that’s changing, Roling said in an Aug. 21 webinar.
The latest survey also found an uptick in the number of states with chief privacy officers. In 2016, 18 percent of states reported having a CPO, but that’s up to 28 percent of states in 2018.
Deloitte Principal Srini Subramanian said the CPO role is still not well defined and that could be why there are still so few positions in state government.
Although Missouri doesn't have a CPO, Roling said he can see how a CPO could help with legal and compliance issues related to data management.
The full biennial report on state-level cybersecurity will be released at NASCIO's annual conference in October.
Matt Leonard is a former reporter for GCN.