Investor Presentaiton slide image

Investor Presentaiton

South Carolina's Decentralized Technology and Information Security Governance Structure Leads to Challenges... Technology and Information Security Governance Structure Budget & Control Board Agency Enterprise Budget & Control Board Executive Director Budget & Control Board Chief of Staff Division of State Information Technology (DSIT) Division Director Security Agency Director I I Information Technology Solutions Committee (ITSC) Chief Information Officer (CIO) IT Director / IT Manager Information Security Officer (ISO) IT Manager Note: The ITSC is comprised of 13 members representing functional groups, 3 at-large members with knowledge in technology areas and the Deputy Division Director for Enterprise Projects at DSIT. Note: The Security function performs continuous Information Security monitoring of networks and other IT assets for signs of attack, anomalies, and inappropriate activities. 3 • • . • • Challenges South Carolina does not have standard statewide technology or Information Security policies. There is no state entity with the authority and responsibility to provide technology or security leadership, standards, policies, and oversight. Information Security procedures and protocols have been largely uncoordinated and outdated, exposing the State to greater risks of internal and external cyber-attacks on Information Technology (IT) infrastructure and data records. There are no standards against which agencies are measured, nor are there recurring processes to perform systematic risk assessments. Agencies are conducting mission critical Information Security activities but uneven staffing, skill, and experience does not leave room to be proactive in an environment of increasing vulnerability and threat. Lack of employee awareness training and a culture of complacency creates ongoing exposure. Agencies have a significant variety of software, hardware and information which increases the number of exposure points and leads to higher expenses, thus diverting money from underfunded areas such as Information Security staffing and training. Agencies have a degree of skepticism and distrust toward the Division of State Information Technology (DSIT) owing to a history of friction, primarily related to the cost of services provided. These historical trust issues impair DSIT's ability to "drive" any change initiatives. This presentation is intended solely for the information and internal use of the State of South Carolina, and is not intended to be and should not be used by any other person or entity. No other person or entity is entitled to rely, in any manner, or for any purpose, on this draft presentation.
View entire presentation