Massachusetts Takes a Broad, Enterprise View of Risk
As commonwealth CISO and chief risk officer, Anthony O’Neill leads Massachusetts’ cybersecurity efforts, which are framed within the broader context of risk management.
LOUISVILLE, Ky. — A growing number of states in the past few years are framing their cybersecurity efforts in terms of risk. North Carolina, for example, has a chief risk officer, Rob Main, who serves as that state's equivalent of a CISO.
Using the "risk" terminology could imply a broader scope of influence than a "cyber-" title. That's the case in Massachusetts, according to commonwealth CISO and Chief Risk Officer Anthony O'Neill, who told GovTech about their enterprise approach at this week's NASCIO conference.
As for the state's goals regarding cybersecurity, O'Neill indicated that Massachusetts is moving in the direction of zero trust, in part by focusing on fostering a culture of risk awareness in the workforce.
"We’re not the risk police, but we just want people to be more enlightened about what that means, so as we continue to mature those processes, and our workforce becomes more comfortable and familiar with these concepts, zero trust is definitely where the puck is moving and that’s where we’re going to go,” he said.
Noelle Knell is the executive editor for e.Republic, responsible for setting the overall direction for e.Republic’s editorial platforms, including Government Technology, Governing, Industry Insider, Emergency Management and the Center for Digital Education. She has been with e.Republic since 2011, and has decades of writing, editing and leadership experience. A California native, Noelle has worked in both state and local government, and is a graduate of the University of California, Davis, with majors in political science and American history.
Lauren Kinkade is the managing editor for Government Technology magazine. She has a degree in English from the University of California, Berkeley, and more than 15 years’ experience in book and magazine publishing.
