| |
 |
| |
 |
 |
 |
|
 |
|
|
 |
 |
|
 |
|
The state & local government Information Technology (IT) market does not have uniform habits when it comes to purchasing IT security technology. In fact, five states (Ohio, Michigan, Wisconsin, Washington and Massachusetts) invest between 30 and 70 percent more in security technologies at all levels of government than the average of the top 24 states.
Looking specifically at these Lead Investor states, CDW-G and interviewees in state, county and municipal governments identified common elements that lead to more aggressive investments in information security, including:
- Strong state-level leadership
- County and municipal government leadership supporting regional or state initiatives
- Strong academic programs in information assurance education
- Significant user groups/associations to provide critical mass across multiple levels of government
- Early starts, with statewide information security programs operating as early as 1997
- Substantial legislative and/or political support for the IT agenda
|
|
 |
|
 |
|
 |
|
|
|
|
The State of Ohio remains the top investor in every category of security investment, including network security, security software, and anti-virus software. In addition, the state has taken the following steps to invest in a more secure IT environment:
- The State Office of Information Technology sponsors a network vulnerability and IT risk assessment program.
- Agencies having already participated in the network vulnerability and IT risk assessments are currently eligible to apply for grant monies from the Federal 2004 Homeland Security grant program.
- Several Ohio universities operate strong and sizable information assurance and information security programs, graduating hundreds of information assurance professionals each year.
|
|
|
|
|
|
|
 |
|
|
|
|
The State of Michigan is the second highest investor in the categories of network security and anti-virus software. In addition, the state has taken the following steps to invest in a more secure IT environment:
- The State of Michigan has had a state-level Chief Information Security Officer (CISO) since 2002.
- The state executed an enterprise-wide rapid risk assessment as early as 2002-2003 using IT security personnel from 11 different state government organizations - led by the CISO and based upon National Institute of Standards and Technology, International Standards Organization and Government Accountability Office security standards.
- Michigan won NASCIO Security and Business Continuity Recognition Awards in both 2003 and 2004.
- Michigan has three academic programs designated as National Centers of Academic Excellence in Information Assurance Education.
|
|
|
|
|
|
|
 |
|
|
|
|
The State of Wisconsin ranks third in the security software and anti-virus software investment categories, putting it near the top of list for lead investors. In addition, the state has taken the following steps to invest in a more secure IT environment:
- Wisconsin operates strong academic programs for information security, with several universities offering information assurance and security programs at both the undergraduate and graduate levels.
- Wisconsin executed a statewide e-mail, authentication and application security assessment in 1997, providing basic standards for information security, encryption and even references to biometric technologies.
- The Free Wisconsin Information Security Users Group has been in operation - with strong membership - since 2002.
|
|
|
|
|
|
|
 |
|
|
|
|
The State of Washington stands as the fourth highest investor in network security, fifth highest in security software, and sixth highest in anti-virus software. In addition, the state has taken the following steps to invest in a more secure IT environment:
- Washington incorporated security in its Enterprise Architecture and Digital Government plans as early as 2000.
- The state designated a Chief Security Officer for the Department of Information Services in 2000.
- In March 2002, under the direction of Governor Gary Locke and the state’s Information Services Board, then-state CISO Darlene Kosoff established and chairs the Washington Computer Incident Response Center (WACIRC). Information Security magazine recognized WACIRC in December 2003 as the "Best Government Response System."
|
|
|
|
|
|
|
 |
|
|
|
|
The Commonwealth of Massachusetts ranks second in network security investment and fourth in anti-virus software investment. The commonwealth's security software investment, however, is ninth overall. In addition, the commonwealth has taken the following steps to invest in a more secure IT environment:
- Massachusetts included security as a key management discipline in
1998 and implemented a state-wide Enterprise Information Security
Policy in 2001.
- In 2002, the Massachusetts Information Technology Division's Cyber
Law E-Government Advisory Roundtable began including security
Service Level Agreements (SLAs) in technology procurement contracts.
- Massachusetts has three academic programs designated as National
Centers of Academic Excellence in Information Assurance Education.
|
|
|
|
|
|
|
|
|
 |
|
|
 |
|
|