Cybersecurity Management in the States: The Emerging Role of Chief Information Security Officers
Both corporations and government have responded by creating a new role in their organizations to lead the safeguarding efforts—chief information security officers. The role of these officers is still under development. Do they safeguard best by using law enforcement techniques and technological tools? Or are they more effective if they serve as educators and try to influence the behaviors of technology users?
This report is a significant contribution to the discussion of the roles and responsibilities of chief information security officers (CISOs) in state governments
across the United States. It identifies both strategies and activities used by successful state CISOs, and thereby provides a good roadmap to success for all state CISOs.
The report cites the Multi-State Information Sharing and Analysis Center (MS-ISAC), which has been championed since its inception by the New York state chief cybersecurity officer as one key cybersecurity collaboration success. The MS-ISAC initiative has yielded measurable results and provided a means of consistent communication across sectors in society.
The report also emphasizes that while a technical education remains important for CISOs, state cybersecurity officials need to be proficient in non-technical skills as well, including collaboration, communication, managerial, organizational, policy alignment, and political skills.
Finally, the report emphasizes the need for state cybersecurity officials to devote increased attention to data management as the defined system/network perimeter has dissolved and the future success of cybersecurity relies on the CISOs, chief information officers, data owners, records managers and archivists to jointly focus on data management to achieve effective business processes.