IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

NASCIO Issues Information Security Recommendations

A new report presents a series of recommendations and plans to fight electronic attacks on critical information infrastructure.

ARLINGTON, Va. -- A new grant report prepared by the National Association of State Chief Information Officers (NASCIO) and funded by the PricewaterhouseCoopers Endowment for the Business of Government urges public sector officials to rank IT governance at the top of their list of responsibilities to meet today's increased security challenges.

The report, "Public-Sector Information Security: A Call to Action for Public-Sector CIOs," is based, in part, on a forum sponsored by NASCIO with the support of the PricewaterhouseCoopers Endowment that identified actions to combat emerging electronic threats to security and critical infrastructure.

The report, written by Don Heiman, former CIO of Kansas, offers public-sector officials 10 recommendations for improving information security, including:

- Making sure "everyone is at the table" when developing an IT governance structure. All branches of state government and local units of government should be involved in developing policies, setting standards and establishing enterprise-level security plans.

- Adopting IT control objectives to manage, implement and maintain IT systems.

- Developing a business case for information security based on a full risk assessment of vulnerabilities. The assessment should include a complete inventory of critical systems and assets and would also involve an analysis of the gap between actual and ideal security levels for the identified systems and related assets.

- Establishing an interstate security information center that would help states analyze security breaches, repair affected IT systems, report security alerts, provide clearinghouse services for good practices and work with federal agencies.

"The NASCIO is pleased to have been able to produce this document with the support of The PricewaterhouseCoopers Endowment," said Rock Regan, CIO of Connecticut and President of the NASCIO. "As leading implementers of IT and IT-related governance solutions, state CIOs need to be conveners of efforts to protect critical information assets. This document is a great starting point for any public-sector CIO who recognizes that IT security is not just a question of technologies and processes, but part of a larger enterprise philosophy that builds security into the way we do business."

The PricewaterhouseCoopers Endowment for the Business of Government