Cybersecurity Management in the States: The Emerging Role of Chief Information Security Officers

This report is a significant contribution to the discussion of the roles and responsibilities of chief information security officers (CISOs) in state governments across the United States. It identifies both strategies and activities used by successful state CISOs, and thereby provides a good roadmap to success for all state CISOs. The report cites the Multi-State Information Sharing and Analysis Center (MS-ISAC), which has been championed since its inception by the New York state chief cybersecurity officer as one key cybersecurity collaboration success. The MS-ISAC initiative has yielded measurable results and provided a means of consistent communication across sectors in society. The report also emphasizes that while a technical education remains important for CISOs, state cybersecurity officials need to be proficient in nontechnical skills as well, including collaboration, communication, managerial, organizational, policy alignment, and political skills. Finally, the report emphasizes the need for state cybersecurity officials to devote increased attention to data management as the defined system/network perimeter has dissolved and the future success of cybersecurity relies on the CISOs, chief information officers, data owners, records managers and archivists to jointly focus on data management to achieve effective business processes.

Marilu Goodyear
Holly T. Goerdel
Shannon Portillo
Linda Williams
© IMB Center for the Business of Government. Strengthening Cyber Security Series, 2010