Public-Sector Information Security: A Call to Action for Public-Sector CIOs

摘要

This report expands upon the themes and issues raised at a forum on Security and Critical Infrastructure Protection sponsored by the National Association of State Chief Information Officers (NASCIO) with the support of the IBM Endowment, Forum participants included state chief information officers, government information technology managers, and other key state government staff, At the forum, held in November 2001, conference participants identified a series of actions designed to combat emerging cyber-threats to security and critical infrastructure, Subsequent to the forum, NASCIO asked Don Heiman, former chief information officer of the State of Kansas, to develop recommendations for improving public-sector information security. He developed % 0 recommendations in three areas: management, technology, and homeland security, Taken together, these recommendations reflect the concept that security is about more than just information technology. One key point is that IT governance is a critical responsibility for the heads of government entities and should include all key stakeholders, The report argues that in order to exercise effective enterprise and IT governance, agency heads and the agency's executive management team must have a clear understanding of what to expect from their enterprise's information and security programs. It is crucial that organizations evaluate the positive aspects and short- comings of their current security program, and then design improved programs to meet organizational needs, Organizations also must work to improve their capacity to effectively implement their security program. The recommendations set forth by Heiman are critical components to a successful response against cyber-security threats and attacks, We trust that this report will be helpful and useful to chief information officers at all levels of government as they develop and implement security measures to protect the nation's critical infrastructure.