
Frequently Asked Questions (FAQ IT Security)

Are cyber security threats increasing?

Yes, threats are increasing exponentially in sophistication, intensity, diversity and volume. Cyber experts report significant escalation in external cyber attacks, especially from criminal organizations and foreign state-sponsored activities.

Reproduced from the 2014 Deloitte-NASCIO Cybersecurity Study, “State governments at risk: Time to move forward”

Hacking, malware, ransomware and cyber terrorism are all part of the evolving landscape of threats facing government organizations. Governments at all levels are inherently “open” organizations and this makes their digital assets attractive targets. Government information resources are becoming increasingly difficult to protect as more processes become digital and citizen services move online. Since the 1990s, state and local governments have made progress, but it has been incremental.

Do mobile devices present security risks?

Mobile devices do bring great utility in terms of convenience and allowing individuals to be “online all the time.” Governments have widely deployed mobile devices for accessing resources and greater workforce productivity. However, the use of mobile devices for communicating and for sharing data creates inherent security issues and adds more points of access to the network. Mobile malware threats are certainly growing, and a significant security concern with mobile devices is the loss of the device. Additional risks related to mobile devices are personal devices being used in the workplace and authentication of the user. The National Institute of Standards and Technology (NIST) publication “Guidelines for Managing the Security of Mobile Devices in the Enterprise” (SP 800-124) outlines a number of items that government organizations should follow.

What are the top five barriers in addressing cyber security?

Even as CISOs better define their roles and become an integral part of state government, they continue to face challenges, particularly in securing the resources they need to combat ever-evolving cybersecurity threats. Four-fifths (80 percent) of respondents say inadequate funding is one of the top barriers to effectively addressing cybersecurity threats, while more than half (51 percent) cite inadequate availability of cybersecurity professionals (figure 6). Survey evidence suggests that when CISOs develop and document strategies, and get those strategies approved, they can command greater budgets and attract or build staff with the necessary competencies.

Cyber security will require funding for creating the necessary capabilities, which include tools and training for cyber security. However, cyber security must be “baked into” every project, program and management initiative, and not be an administrative afterthought. Cyber security must be understood as an inherent cost of doing business and must be a component of every budget.

A direct correlation can be seen between having an established strategy and obtaining more full-time equivalents (FTEs) dedicated to cybersecurity, as well as year-over-year budget increases (figure 7). For example, 11 out of 33 states that have an approved strategy reported they have more than 15 FTEs dedicated to cybersecurity, and 16 out of 33 states with an approved strategy reported they had an increase in budget. An approved and proactively communicated strategy can also help CISOs overcome another barrier: “lack of visibility and influence in the enterprise,” an ongoing challenge in the largely federated governance model in state government.

What capabilities are necessary components of a cyber security strategy?
