Risk-based approach best for govt security: NASCIO

A risk-based cybersecurity approach is the best tactic for state government data, a new brief from the National Association of State CIOs (NASCIO) argues.

The report asserts that governments taking a risk-based approach produce more accurate assessments, present reduced attack surfaces and exhibit improved decision-making.

It recommends that governments take an enterprise mentality by bringing together previously silo-based security and IT tools and allowing for ongoing and continuous data monitoring and assessments.

A survey of US state CIOs shows that data management and analytics is a top priority for 2017, along with security and risk management, cloud strategy and legacy IT modernisation.

NASCIO President and CIO of the state of Connecticut Mark Raymond said today the true value of a state often resides in its data assets, including the information it collects, develops and stores as well as the products and services it develops based on this information.

Reaping the benefits of this data hinges on data classification, defined in the report as “a process that identifies what information needs to be protected against unauthorized access, misuse and the extent to which it needs to be secured and controlled”. More sensitive data requires more extensive levels of protection.

“A risk-based approach to cybersecurity is ideal for state governments because it enables incremental and measurable improvement. Data classification is a critical step in the process of understanding the critical data we protect,” Raymond said.

Data classification practices need to be continually updated as systems and system data change, he added.

Image courtesy of Zappys Technology Solutions under CC

Follow us on Twitter and Facebook