The National Association of State Chief Information Officers (NASCIO), announced the release of its research brief IT Security Awareness and Training: Changing the Culture of State Government. This brief is a product of NASCIO's Information Security and Privacy Committee.

Most state government employees use technology to do their daily work, yet they may not realize the dramatic consequences that can flow from one mistake, said NASCIO. As data breaches and security incidents that originate from within state government appear to be on the rise, cultural change is needed toward a more security-conscious state workforce. All state employees need to understand that IT security is everyone's job, said NASCIO in a release, and know how to use the state's IT resources in a way that minimizes security risks.

NASCIO's new research brief highlights how IT security awareness and training activities, if conducted on a consistent basis, can instill cultural change within state government. It also discusses the CIO's role in these activities and points out that state CIOs must partner with other state government officials on this journey towards cultural change.  Finally, the brief discusses a broader role that state CIOs may pursue by expanding the scope of awareness efforts to include citizens as well as state employees.

"This brief will serve as a useful and practical companion to NASCIO's Insider Security Threats: State CIOs Take Action Now!" said Brenda Decker, Nebraska CIO and co-chair of NASCIO's Information Security and Privacy Committee. "This brief, released in April 2007, discussed the fact that IT security threats from within state government are of growing concern and suggested enterprise-wide awareness and training efforts as effective ways to address those threats."

"To implement or enhance current awareness and training efforts, state CIOs need examples of what other states are doing in this area," said Thomas Jarrett, CIO, state of Delaware and co-chair of NASCIO's Information Security and Privacy Committee. "This brief provides numerous examples of other states' awareness and training efforts and serves as a way for state CIOs to share their best practices in order to help all states achieve a heightened culture of IT security."