Cybersecurity Management In the States: The Emerging Role of Chief Information Security Officers

44 Pages Posted: 11 Dec 2012

See all articles by Marilu Goodyear

Marilu Goodyear

University of Kansas

Holly Goerdel

University of Kansas

Shannon Portillo

George Mason University

Linda Williams

University of Kansas

Date Written: 2010

Abstract

Forward by John Bruel and John Lainhart: On behalf of the IBM Center for The Business of Government, we are pleased to present this report, 'Cybersecurity Management in the States: The Emerging Role of Chief Information Security Officers,' by Marilu Goodyear, Holly T. Goerdel, Shannon Portillo, and Linda Williams. The importance of safeguarding information created and shared on computers and the internet has increased significantly in recent years, as society has become increasingly dependent on information technology in government, business, and in their personal lives. Both corporations and government have responded by creating a new role in their organizations to lead the safeguarding efforts - chief information security officers. The role of these officers is still under development. Do they safeguard best by using law enforcement techniques and technological tools? Or are they more effective if they serve as educators and try to influence the behaviors of technology users? This report is a significant contribution to the discussion of the roles and responsibilities of chief information security officers (CISOs) in state governments across the United States. It identifies both strategies and activities used by successful state CISOs, and thereby provides a good road map to success for all state CISOs.

The report cites the Multi-State Information Sharing and Analysis Center (MS-ISAC), which has been championed since its inception by the New York state chief cybersecurity officer as one key cybersecurity collaboration success. The MS-ISAC initiative has yielded measurable results and provided a means of consistent communication across sectors in society. The report also emphasizes that while a technical education remains important for CISOs, state cybersecurity officials need to be proficient in nontechnical skills as well, including collaboration, communication, managerial, organizational, policy alignment, and political skills. Finally, the report emphasizes the need for state cybersecurity officials to devote increased attention to data management as the defined system/network perimeter has dissolved and the future success of cybersecurity relies on the CISOs, chief information officers, data owners, records managers and archivists to jointly focus on data management to achieve effective business processes. This report also emphasizes the importance of effective IT governance - We hope that you find this report both timely and informative. We believe its insights and recommendations are relevant to CISOs at all levels of government.

Keywords: cyber security, public management, information sharing, collaboration

Suggested Citation

Goodyear, Marilu and Goerdel, Holly and Portillo, Shannon and Williams, Linda, Cybersecurity Management In the States: The Emerging Role of Chief Information Security Officers (2010). Available at SSRN: https://ssrn.com/abstract=2187412 or http://dx.doi.org/10.2139/ssrn.2187412

Marilu Goodyear (Contact Author)

University of Kansas ( email )

1415
Jayhawk Blvd.
Lawrence, KS 66045
United States

Holly Goerdel

University of Kansas ( email )

1415
Lawrence, KS 66045
United States

HOME PAGE: http://www.kupa.ku.edu/faculty/

Shannon Portillo

George Mason University

4400 University Drive
Fairfax, VA 22030
United States

Linda Williams

University of Kansas ( email )

1415
Jayhawk Blvd.
Lawrence, KS 66045
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
636
Abstract Views
2,219
Rank
70,445
PlumX Metrics