Unedited news and product information from vendors.
Government Data, Citizens' Personal Information at Risk: Deloitte-NASCIO Survey
Sep 28, 2010 (02:09 PM EDT)
79 Percent of State Chief Information Security Officers Report Stagnant or Cut Budgets While Internal and External Threats Increase
WASHINGTON, Sept. 28 /PRNewswire-USNewswire/ -- According to findings of a recent survey conducted by Deloitte and the National Association of State Chief Information Officers (NASCIO), "State Governments at risk: A Call to Secure Citizen Data and Inspire Public Trust," state governments, as custodians of the most comprehensive collection of citizens' Personally Identifiable Information (PII), must make cybersecurity a top priority now.
The Deloitte-NASCIO cybersecurity study finds that many state Chief Information Security Officers (CISOs) lack the funding, programs and resources to adequately protect vital government data and the personal information of their constituents, especially when compared to their counterparts in private sector enterprises.
"Many state CISOs lack the visibility and authority to effectively drive security down to the individual agency level," said Srini Subramanian, director, Deloitte & Touche LLP and leader of state government security and privacy services. "At the federal level, the President has recognized the critical nature of the problem and appointed a cybersecurity coordinator to address it; it's imperative that governors and state legislative leaders make cybersecurity a priority."
"Unprecedented budgetary cuts across state governments and growing reliance on contractors and outsourced IT services are creating an environment that is even harder to secure, and the report highlights the growing concerns of CISOs in this regard," said Steve Fletcher, president of NASCIO and CIO of the State of Utah.
The Deloitte-NASCIO study is based on a survey in which 49 of the 50 states responded. The key findings include:
Based on the findings, Deloitte and NASCIO provide a set of recommendations that state CISOs might use to help bridge some of these gaps, including partnerships within state government, executable strategies, ideas for standardization and tips for better preparing staff and others.
"State CISOs and CIOs recognize the threats and realize all government leaders need to be better informed on the risks," said Doug Robinson, executive director of NASCIO. "It's clear CISOs have tough jobs without adequate resources. A staggering 88 percent of respondents mention lack of sufficient funding as a major barrier to effectively addressing information security."
In a letter introducing the report from the Honorable Tom Ridge, the nation's first Secretary of the Department of Homeland Security, Ridge notes, "The 2010 Deloitte-NASCIO Cybersecurity Study confirms that large amounts of Personally Identifiable Information (PII) that the states maintain may be at risk, but barriers identified in the study make securing PII a daunting task."
For a copy of the full report, "State Governments at Risk: A Call to Secure Citizen Data and Inspire Public Trust," please visit http://www.deloitte.com/view/en_US/us/Industries/us-state-government/ae3572eefd25b210VgnVCM2000001b56f00aRCRD.htm.
For more information about Deloitte's U.S. State Government practice, please visit http://www.deloitte.com/view/en_US/us/Industries/us-state-government/index.htm.
The National Association of State Chief Information Officers is the premier network and resource for state CIOs and a leading advocate for technology policy at all levels of government. NASCIO represents state chief information officers and information technology executives from the states, territories, and the District of Columbia. The primary state government members are senior officials who have executive level and statewide responsibility for information technology leadership. State officials who are involved in agency level information technology management may participate as state members. Representatives from other public sector and non-profit organizations may also participate as associate members. Private sector firms may join as corporate members and participate in the Corporate Leadership Council. For more information about NASCIO visit www.nascio.org.
As used in this document, "Deloitte" means Deloitte LLP and its subsidiaries. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries.