States Need a Core Services Taxonomy for IT Security Programs

Printer-friendly versionPDF version

Lexington, KY - October 26, 2011 -- A taxonomy of core, critical IT security services must be identified to ensure that IT security remains robust in the current difficult budget environment, according  to “The Heart of the Matter: A Core Services Taxonomy for State IT Security Programs,” an issue brief released today by the National Association of State Chief Information Officers (NASCIO). The report is available for download on NASCIO’s website at www.nascio.org/publications .

It is necessary for states to deliver IT security services that safeguard the confidentiality, integrity, and availability of state data and systems, NASCIO reports. State CIOs face the daunting task of protecting the information and data, all while under a fiscal environment that is forcing significant consolidation and reengineering of state programs and services. This new brief highlights 12 services, along with a list of tools that commonly support service delivery.

David Taylor, chief information officer, State of Florida, and co-chair of the Security and Privacy Committee commented, “Given the movement towards IT reorganization and consolidation and the number of new CIOs appointed over the last year, it is very timely that NASCIO has defined these core security services. In Florida, we developed our Enterprise IT Security Implementation Plan using a very similar list of core services. I believe NASCIO’s work in this area will greatly aid state CIOs and chief information security officers going forward, as they address the level of risk they face in each of the core IT service areas.”

“NASCIO has expressed concerns about the adequacy and complexity of cybersecurity protections over the last several years,” said Charles Robb, NASCIO senior policy analyst. “NASCIO has lobbied for increased federal funding to address state-level security infrastructure requirements, but whether or not that is made available, it’s important that state CIOs assess their programs’ capabilities within the service areas defined in this brief and appropriately match expenditures with levels of risk.” 

About NASCIO

The National Association of State Chief Information Officers is the premier network and resource for state CIOs and a leading advocate for technology policy at all levels of government. NASCIO represents state chief information officers and information technology executives from the states, territories, and the
District of Columbia . The primary state government members are senior officials who have executive level and statewide responsibility for information technology leadership. State officials who are involved in agency level information technology management may participate as state members. Representatives from other public sector and non-profit organizations may also participate as associate members. Private sector firms may join as corporate members and participate in the Corporate Leadership Council. For more information about NASCIO visit www.nascio.org .

AMR Management Services provides NASCIO’s executive staff. For more information about AMR visit www.AMRms.com/ .

Contact

Shawn Vaughn
Membership and Communications Coordinator

National Association of State Chief Information Officers
(859) 514-9156
svaughn@AMRms.com   
www.NASCIO.org

News Source : States Need a Core Services Taxonomy for IT Security Programs