The National Association of State Chief Information Officers (NASCIO) conducts an annual survey of state Chief Information Officers to learn about the top policy and technology issues state governments face. State Chief Information Officers (CIOs) have ranked cyber security as the top priority on every survey since 2014. At the State Auditor’s Office, we are also concerned about cyber security. To help state agencies and local governments protect their IT systems and data, we conduct IT security performance audits designed to assess opportunities for improvement. We plan to continue these audits to strengthen the security posture of our state and local governments.
In 2016, the Deloitte-NASCIO cyber security study was completed. This study surveyed states’ Chief Information Security Officers (CISOs) for their perspectives and insights cyber security issues. Interestingly, some of what the state CISOs reported in the survey aligned with what state agencies reported to our Office during our IT security performance audits. Specifically, they named adequate resources, including funding and staffing for IT security, as a significant challenge. However, the study’s results indicate CISOs and CIOs are having a strong, positive impact on cyber security, which is encouraging.