Cybersecurity & Risk Management

The threat of online attacks is constant, and the tactics are always changing! You need to be ready and have tools in place to protect yourself and your organization.

In a world where data breaches seem to be accepted as commonplace, it’s unsurprising cybersecurity and risk management sit at the top of the NASCIO priorities list. But what do we really mean by these broad, umbrella terms? To differentiate the two, cybersecurity is the general practice of protecting technology and data from digital attack. Risk management, meanwhile, comprises the processes, technologies, and governance an organization uses to plan for and mitigate technology vulnerabilities and threats (i.e. risks). Together, these two processes include numerous critical security functions such as security resourcing, identity and access management, data security, the development of secure applications, DevSecOps (Development, Security, and Operations), security training, addressing insider threats, and more.

Security & compliance continue to be the focus for our State and Local government entities. With the ever-increasing occurrence and sophistication of cyber-attacks, this remains the top priority for protecting the nation’s citizens. Organizations place a heavy focus on implementing Zero Trust and on ensuring government systems have the necessary processes and tools in place to comply with standard NIST framework controls. The governing balance in a Zero Trust environment is difficult because an organization must control access without creating inefficiencies in workflows, but it can (and must) be done!

