Richard Clarke's Cyber Security Top 10 List for State Legislatures
- Develop an IT security policy like the Federal Information Security Management Act.
- Put one person in charge of cybersecurity statewide, and have a person at each agency.
- Provide an education/awareness program to teach employees the policy in a fun way. For example, employees can take a test in the form of a computer game and win prizes for high scores.
- Enforce the policy. Software programs can provide daily audits and reports for each agency on compliance with the policy.
- Buy IT security products on a government-wide basis, rather than letting each agency do its own buying.
- Use resources and experts at local universities. States could also -- based on the federal Cyber Corps model -- pay tuition for students who get degrees in cybersecurity in exchange for working for the state for a period of time.
- Create a public-private partnership by working with commercial firms, such as telecommunications and technology companies.
- Use outside contractors for managed security services, because state salaries probably won't attract the top talent.
- Encrypt sensitive data so even if digital information is stolen, it can't be read.
- Get help and money from the federal government. For example, states can urge expansion of the federal student tuition program so recipients can also work for state governments. Lobby Congress to have grants for State IT Security centers.
© 2008 National Conference of State Legislatures, All Rights Reserved
Denver Office: Tel: 303-364-7700 | Fax: 303-364-7800 | 7700 East First Place | Denver, CO 80230
Washington Office: Tel: 202-624-5400 | Fax: 202-737-1069 | 444 North Capitol Street, N.W., Suite 515 | Washington, D.C. 20001