"Protecting the Realm" underlines the criticality of managing states' digital assets and identifies key, high-level elements for establishing better data security programs within states. The brief covers data ownership and governance issues, recommends grounding data protection efforts in states' enterprise architecture frameworks, and outlines nine primary elements that a comprehensive data protection program must incorporate or address. It describes data classification frameworks that have been developed in both state and federal agencies, and includes summaries of operational data classification and security initiatives in the states of Ohio, Arkansas and Iowa.
"The sheer volume of data breaches reported is ample evidence that public agencies need to do a better job protecting personal information about citizens," said Nebraska CIO and committee co-chair Brenda Decker. "There is a limit to how much state business we can conduct electronically unless the mechanics for protecting that data are in place, operating, and trusted."
"Whether we're hearing more about data breaches because there are more of them or because incident reporting is better is frequently debated," Mike Locatis, Colorado CIO and committee co-chair added, "but the fact is, we know how quickly the volume of data increases and that managing it effectively is under-addressed. The value of the brief for me is that it not only describes what to do, it tells where to start. And probably most helpfully, it describes programs where efforts are already under way."
