Frequently Asked Questions (FAQ's)
Find
Number of results:
Open all sections | Close all sections
Yes. threats are increasing exponentially in sophistication, intensity, diversity and volume. Cyber experts report significant escalation in external cyber attacks, especially from criminal organizations and foreign state sponsored activities.
Mobile devices do bring great utility in terms of convenience and allowing individuals to be “online all the time.” Governments have widely deployed mobile devices for accessing resources and greater workforce productivity. However, the use of mobile devices for communicating and for sharing data create inherent security issues and add more points of access to the network. Mobile malware threats are certainly growing and a significant security concern with mobile devices is the loss of the device.
NASCIO defined what is termed a “Core IT Security Services” taxonomy which presents twelve necessary service categories.
See the NASCIO report, The Heart of the Matter: A Core Services Taxonomy for State IT Security Programs, 2011 (PDF), available from www.nascio.org/publications.
See the NASCIO report, The Heart of the Matter: A Core Services Taxonomy for State IT Security Programs, 2011 (PDF), available from www.nascio.org/publications.
ISO 27001 (ISO27001) is the international Cyber Security Standard that provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System.
Yes. Cloud services promise to provide flexibility, scalability, measured service and certain cost efficiencies, but also present additional security risks associated with authentication, access and storage of government data. The total economic cost and different security elements of cloud services must be fully understood when evaluating cloud computing in general and the various deployment models (public, private, hybrid, community). Consumer-based cloud services used by government workers present additional risks because they may not offer rigorous security controls.
See the following report that provides more details on this issue: Capitals in the Clouds Part V: Advice from the Trenches on Managing the Risk of Free File Sharing Cloud (PDF, available from NASCIO Publications).
See the following report that provides more details on this issue: Capitals in the Clouds Part V: Advice from the Trenches on Managing the Risk of Free File Sharing Cloud (PDF, available from NASCIO Publications).