Government Technology

IT Security Survey Shows Government's Progress on Safeguarding Data

April 8, 2008 By

For government IT professionals, few issues hit closer to home than IT security.

Public agencies and government programs deal in some of society's most sensitive information -- military and police data, court records, and health and property information, to name a few. A glance at recent news headlines shows the fallout that hits public officials, IT professionals and citizens when this data is left unprotected.

Given the stakes, it's not surprising that CIOs rank IT security among their top priorities. Members of the National Association of State Chief Information Officers (NASCIO) put information security at the top of their to-do lists for 2007 and at No. 2 for 2008.

The response was similar from nearly 500 state and local Government Technology subscribers who responded to a reader poll in late 2007. Respondents ranked information security as their top priority this year, placing it above other hot-button issues such as homeland security, work force retention and IT consolidation.

Clearly security has your attention. But is attention translating into action? That's a question we attempted to answer in January with the Government Technology IT security survey. The results present somewhat of a mixed bag.

First the good news: Nearly 60 percent of your organizations have established a chief information security officer (CISO) or similar position -- a figure that compares favorably with the private sector. Those CISOs also seem to be positioned for success, with appropriate access to both the CIO and agency upper management.

Furthermore almost 80 percent of your organizations now have a formal security policy, and most of you said recent high-profile security events raised awareness of cyber-security but didn't discourage new technology deployments.

And now the bad: Survey results indicate a fair amount of complacency among respondents, as well as a troubling lack of knowledge about both the volume and nature of cyber-attacks against their organizations. In addition, security awareness may be up, but security funding generally is not. Finally security training -- perhaps one of the most effective weapons against information security breaches -- remains an afterthought for many respondents.

Feeling Too Good?

More than 75 percent of respondents rated their cyber-security preparedness as good or fair -- a realistic estimate for organizations coping with rapidly changing security threats. But another 18 percent described their security preparedness as excellent, an assessment that could indicate dangerous overconfidence.

"To be among the 18 percent that said 'excellent' is delusional, and it also reflects a complacency that you can't afford in that space," said Paul W. Taylor, chief strategy officer of the Center for Digital Government. "There's much more realism in the "fair" and "poor" rankings and the bare majority that said 'good.' I think that's a reasonable position to take -- one that reflects that agencies are doing as well as possible under the circumstances. But they're not making any claims that they've got the situation in hand.

"I think security's function is always to believe that they don't have it in hand," he continued. "There always are revolving threats, both internal and external."

Survey results also show that state and local governments are getting serious about putting someone in charge of their information security efforts. The number of state and local agencies creating a CISO or similar position compares well with the general industry trend. CIO magazine's 2007 global information security survey -- which polled 7,200 respondents in various industries worldwide -- also found that 60 percent of organizations had created CISO or chief security officer positions.

Furthermore government CISOs seem to be in the right place organizationally to make an impact. Taylor said the survey indicates a dual reporting relationship that gives CISOs access to both the CIO and agency management. Thirty-five percent of respondents said their CISO reports to the CIO or top IT executive,

| More


Add Your Comment

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

In Our Library

White Papers | Exclusives Reports | Webinar Archives | Best Practices and Case Studies
Fresh Ideas In Online Security for Public Safety Organizations
Lesley Carhart, Senior Information Security Specialist at Motorola Solutions, knows that online and computer security are more challenging than ever. Personal smartphones, removable devices like USB storage drives, and social media have a significant impact on security. In “Fresh Ideas in Online Security for Public Safely Organizations,” Lesley provides recommendations to improve your online security against threats from social networks, removable devices, weak passwords and digital photos.
Meeting Constituents Where They Are With Dynamic, Real-Time Mobile Engagement
Leveraging the proven and open Kofax Mobile Capture Platform, organizations can rapidly integrate powerful mobile engagement solutions across the spectrum of mobile image capture, mobile data capture and complete mobile process integration. Kofax differentiates itself by extending capture to mobility, supporting multiple points of constituent engagement. Kofax solutions dynamically orchestrate the user’s mobile experience from a single platform—reducing time to market, improving process perf
Public Safety 2019
Motorola conducted an industry survey on the latest trends in public safety communications. The results provide an outlook of what technology is in store for your agency in the next five years. Download the results to gain this valuable insight.
View All

Featured Papers