Entitled "The IT Security Business Case: Sustainable Funding to Manage the Risks," the research brief was developed by NASCIO's Information Security and Privacy Committee.
The brief takes a holistic approach to constructing the case for enterprise IT security investment by outlining for the state CIOs the following steps: Understanding state government's IT environment that drives the need for security, starting with an enterprise-wide IT risk assessment, and making the case for IT security through demonstrating the risks (bolstered by the IT risk assessment results), the benefits of security, and how security aligns with the state's business needs.
Today, said NASCIO in a release, technology is pervasive both in the workplace and in the home. However, the threats to state IT systems and the sensitive information within them seem to multiply and evolve as quickly as the technology itself develops. To keep pace with the proliferation of current and future IT security threats, state CIOs must clearly and successfully articulate the need for ongoing investment in IT security.
"Security has always been a top priority for the state CIOs," said Mary Carroll, Ohio CIO and co-chair of NASCIO's Information Security and Privacy Committee. "Through this brief, we are helping to provide the state CIOs with strategies for obtaining ongoing, sustainable funding for IT security. Adequate IT security investment can help the state CIOs address and manage today's risks and also prepare for tomorrow's risks."
The brief incorporates concepts of risk management, stressing the importance of a thorough assessment and prioritization of potential risks that threaten state IT systems and resources. The IT risk assessment is an important tool in determining which IT security risks are the most critical. The state CIO can then use that information to support the case for adequate funding and then determine how funding can be strategically allocated to address those threats.
"Citizens place their trust in state government to protect IT infrastructure, provide reliable online services, and protect the privacy of sensitive citizen information housed within state IT systems. The state CIOs play a key role in the preservation of this trust by ensuring adequate funding levels for state IT security. State CIOs will find this brief helpful in creating funding strategies for their IT security efforts," said Brenda Decker, Nebraska CIO, and
co-chair of the Information Security and Privacy Committee.
