GOVERNMENT CIO OUTLOOK, April 2017, page 9

or a transaction of the state and its constituents. It has transmuted to become more of a business-oriented leader that not only solves public issues but also helps look forward to understand how technology can navigate charges of the state to its people and also manage the risks that tag along with it. Going by this conversion, the agenda of governments in terms of IT security is undergoing an extensive modification these days. Security has always been a priority for state CIOs, but until the last few years it has really been a course module where the leaders have to share anecdotal stories about glitches or risks and comps or breaches. Nevertheless, it is quickly changing to become more of a ProModel where agencies are recognizing that the responsibility for security is entrusted to everybody, including the citizens themselves.

State governments have a major role to play in the safeguarding of public assets. In that regard, the landscape is quite positive, as security happens to be top-of-mind for most organizations. More and more officials are now willing and eager to do everything that the state can for the protection of crucial data and resources. On the flip side, the risk landscape is getting all the more complex owing to the strict vigilance of threat actors in finding weaknesses.

IoT as a Challenge to Government Security

Taking into account the impact of IoT on the public sector, IoT has been speculated to be one of the biggest challenges to security because governments usually do not have a use case centering on IoT, or on the security of IoT, to leverage for making the case, exacerbated by the critical infrastructure that most agencies have. As for the masses, IoT is something from the future. They are yet to realize the enormity of the IoT threat (large, complex and multi-dimensional) as it really is.
The focus today is more on cyber security applied to databases, whereby one gains access to a product by connecting to an internet-enabled device in the field. The need to recognize and employ resources to curb data-driven risks has become crucial. Agents indeed have a liability towards preserving and protecting sensitive data, which can be accomplished by an effective collaboration with the government.

Measures Taken to Ensure Security

While addressing challenges, a risk-based approach is often reckoned as holistic instead of a simple checkbox mode of control. This enables the authorities to analyze the sensitivity or risk factor as a step towards managing vulnerability. Another way to tackle this complex environment is by engaging the owners of a system to make sure that the specialists understand, from the owner's perspective, how critical that system is and what the consequences of its being compromised are. Based on a business or customer-driven perspective, the security experts need to do an assessment of the controls that need to be put in place.

If they can't be successful with this technique, the answer is not to give up but to find compensating solutions that will provide a similar level of security and risk-reduction. It has to be a weighted decision metric; businesses initially tend to err on the side of accessibility and ease-of-use, whereas the security professionals would want to err on the side of protection and locking everything down, neither of which works. It has to be a shared responsibility and a mutual priority setting to generate access, ease-of-use, portability and security. It must be noted that this is not a solution that is owned and driven just by the security staff, but a system of collaboration. The key is to understand that the core protection mechanism, irrespective of the data or the process or the agency, will take measures which have to be non-negotiable.
A deep-rooted obstacle that interrupts this process is the problem of adaptability. Standardizing and using the same controls everywhere is likely to be a lot more cost-effective and much simpler. This, however, shall not be effective in case of revenue circulation although there are services like the Public Works Board to simplify issues by implementing a manual-based approach, regardless of the environment or the application.