As governments around the world grapple with IT security, the US National Association of State Chief Information Officers (NASCIO) has released a brief on making the business case for sustainable IT security funding.
NASCIO, which represents US state government CIOs, argues that the threats to state IT systems and the sensitive information within them seem to multiply and evolve as quickly as the technology itself develops. To keep pace with the proliferation of current and future IT security threats, state CIOs must clearly articulate the need for ongoing investment in IT security.
Entitled "The IT Security Business Case: Sustainable Funding to Manage the Risks," the research brief was developed by NASCIO's Information Security and Privacy Committee.
It takes a holistic approach to constructing the case for enterprise IT security investment by outlining the following steps for state CIOs: Understanding the state government's IT environment that drives the need for security, starting with an enterprise-wide IT risk assessment, as well as making the case for IT security through demonstrating the risks (bolstered by the IT risk assessment results), the benefits of security and how security aligns with the state's business needs.
At the NASCIO 2005 Midyear Conference, 89 percent of responding state CIOs ranked security among their top three most important issues. "And it only takes a short recitation of some of the statistics about the threats faced by states for the reason for the urgency to become apparent," the brief says. "For example, on an average day, Michigan blocks 22,059 spam emails, 21,702 email viruses, 4239 Web defacements, and 6 remote computer take-over attempts."
The brief was issued as the Australian government is reviewing its own e-security national agenda with the aim of creating a secure and trusted electronic operating environment for users.
The review is targeted at ensuring Australia is well prepared for the opportunities and challenges created by the convergence of communications, information technology and the Internet. The government notes the online landscape has changed significantly since the agenda was announced in September 2001 with the emergence of new technologies and more serious e-security attacks. Australia's security framework must be able to respond to these dangers.
Submissions from the public and industry closed on May 8, and the government is now considering its response.
The issue is more important than ever. As NASCIO said in a release, technology is pervasive both in the workplace and in the home. However, the threats to state IT systems and the sensitive information within them seem to multiply and evolve as quickly as the technology itself develops. To keep pace with the proliferation of current and future IT security threats, state CIOs must clearly and successfully articulate the need for ongoing investment in IT security.
"Security has always been a top priority for the state CIOs," said Mary Carroll, Ohio CIO and co-chair of NASCIO's Information Security and Privacy Committee. "Through this brief, we are helping to provide the state CIOs with strategies for obtaining ongoing, sustainable funding for IT security. Adequate IT security investment can help the state CIOs address and manage today's risks and also prepare for tomorrow's risks."
The brief incorporates concepts of risk management, stressing the importance of a thorough assessment and prioritization of potential risks that threaten state IT systems and resources. The IT risk assessment is an important tool in determining which IT security risks are the most critical. The state CIO can then use that information to support the case for adequate funding and then determine how funding can be strategically allocated to address those threats.
"Citizens place their trust in state government to protect IT infrastructure, provide reliable online services and protect the privacy of sensitive citizen information housed within state IT systems. The state CIOs play a key role in the preservation of this trust by ensuring adequate funding levels for state IT security. State CIOs will find this brief helpful in creating funding strategies for their IT security efforts," said Brenda Decker, Nebraska CIO, and co-chair of the Information Security and Privacy Committee.
- +
Ticked Off at Tick the Box Mentality 04 February, 2008 13:01:15
Does your executive search firm know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients?Does your executive search firm know its MIS managers from its elbow? Does it even know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients? - +
9 Paths to Higher Performance 10 December, 2007 14:09:23
When an organization brings together talented people in a creative, collaborative environment it fosters a culture of high performance, which in turn leads to superior business resultsLike high-achieving individuals, some organizations seem to have the Midas touch. Virtually every initiative they touch earns them gold and even those that fail never seem to cost them much of anything at all - +
Strategies for Dealing With IT Complexity 24 December, 2007 10:30:47
Every innovation, every business process improvement, comes with an IT complexity tax that must be paid by CIOs in time, money and sweat. Here are strategies to mitigate the increasing complexity of IT as it enables new business.Every innovation, every business process improvement, comes with an IT complexity tax that must be paid by CIOs in time, money and sweat. Here are strategies to mitigate the increasing complexity of IT as it enables new business.
SAP slashes NetWeaver developer subscription price
Blog: Are You Getting 70 Percent Off List Price from Your ERP Software Vendor?
With Dynamics, Microsoft's ERP and CRM Business Apps Go Head-to-Head with Oracle and SAP
Blog: Overstock.com's Four-Year ERP Nightmare
5 Questions to Ask Before You Say Yes to SaaS or Cloud Computing
Read up on the latest ideas and technologies from companies that sell hardware, software and services. - White PaperYour organisation may well have devised and implemented an Acceptable Use Policy (AUP) some time ago in order to guard against the risks of inappropriate use of computer systems by your workers, but are you confident that your AUP remains 'fit for purpose'? Read on to discover how you can enhance the effectiveness of your AUP.
- White PaperWhat you don’t know can destroy your business. It’s hard to imagine modern business without the internet but in the last few years it has become fraught with danger. Read on to discover how internet security can give your business a competitive advantage.
- White PaperJoin Lee Benjamin, a Microsoft Exchange MVP and Ryan Shipkowski, network administrator for Matthews, to discuss the process and ROI of implementing an email archiving solution, with emphasis on a case study from Matthews International.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
CIO Live Podcast #79: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires Part II 05 October, 2007 06:00:00
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #78: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires 28 September, 2007 17:34:25
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #77: Panasonic Speeds Up Trans-Pacific File Transfers, Part III 21 September, 2007 07:00:00
Part three in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #76: Panasonic Speeds Up Trans-Pacific File Transfers, Part II 14 September, 2007 07:00:00
Part two in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #75: Panasonic Speeds Up Trans-Pacific File Transfers, Part I 07 September, 2007 07:00:05
Part one in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance.
- +
Chris Hoff on Virtualization and Cloud Computing 20 November, 2008 10:55:00
Chris Hoff, chief security architect for the systems and technology division at Unisys and an advisor on the Skybox Security customer advisory board, is one of the biggest critics of virtualization security out there. Not because it isn't important - but rather because it is vital and needs to mature rapidly. - +
Cybersecurity is focus of new start-up incubator 20 November, 2008 07:19:00
Texas uni announces the Institute for Cyber Security.The University of Texas at San Antonio Tuesday announced a technology incubator aimed at fostering IT security-based start-ups within the state. - +
Dilip Sarangan on Physical Security M&A 20 November, 2008 11:18:00
Dilip Sarangan tracks physical security companies for Frost & Sullivan. He expects the industry's "need to have" products to weather the economic storm well, with the big players (now including IBM and Cisco) looking for value-priced acquisitions. - +
International Challenges in PCI Security 20 November, 2008 09:15:00
In a country that's seen many regulatory compliance challenges this decade, the headaches of PCI security tend to be analyzed from a largely American perspective. - +
PCI council sharpens oversight of security auditors 19 November, 2008 10:53:00
Quality assurance plan targets security assessors and scanning vendorsThe PCI Security Standards Council Monday unveiled a plan to sharpen oversight of the hundreds of security-service providers now authorized to evaluate merchant networks under the organization's Payment Card Industry data standards.
Vignette Announces 2008 Excellence Awards 21 November, 2008 10:50:00
PGP and Ponemon Institute Unveil Inaugural Australian Data Breach Study 2008 20 November, 2008 17:34:00
Symantec Cloud Services Transform Data Centre Operations Through Proactive Management 20 November, 2008 12:06:00
Verizon Business Offers Tips to Building a Successful Unified Communications and Collaboration Plan 20 November, 2008 12:04:00
AARNet Brings 4K Digital Cinema to Australia: First 4K HD Video Signal delivered into Australia by AARNet 20 November, 2008 12:02:00
|
||
|
||
|
|
||
|
Security Inside Out
A security breach has the potential to impact your bottom line, damaging reputation, customer loyalty and profitability. Managing security risks in today's environment requires a framework that extends beyond traditional network perimeter measures to protect applications, middleware, and data infrastructures. Read on to discover how you can create an enterprise security framework to protect your business.
Buying Guides
Latest Products
