Investor Presentaiton
South Carolina's Decentralized Technology and
Information Security Governance Structure Leads to Challenges...
Technology and Information Security Governance Structure
Budget & Control
Board
Agency
Enterprise
Budget & Control Board
Executive Director
Budget & Control Board
Chief of Staff
Division of State
Information Technology
(DSIT)
Division Director
Security
Agency Director
I
I
Information Technology
Solutions Committee
(ITSC)
Chief Information Officer
(CIO) IT Director /
IT Manager
Information Security
Officer (ISO) IT
Manager
Note: The ITSC is comprised of 13 members representing functional groups, 3 at-large
members with knowledge in technology areas and the Deputy Division Director for
Enterprise Projects at DSIT.
Note: The Security function performs continuous Information Security monitoring of
networks and other IT assets for signs of attack, anomalies, and inappropriate activities.
3
•
•
.
•
•
Challenges
South Carolina does not have standard statewide technology
or Information Security policies. There is no state entity with
the authority and responsibility to provide technology or
security leadership, standards, policies, and oversight.
Information Security procedures and protocols have been
largely uncoordinated and outdated, exposing the State to
greater risks of internal and external cyber-attacks on
Information Technology (IT) infrastructure and data records.
There are no standards against which agencies are
measured, nor are there recurring processes to perform
systematic risk assessments.
Agencies are conducting mission critical Information Security
activities but uneven staffing, skill, and experience does not
leave room to be proactive in an environment of increasing
vulnerability and threat. Lack of employee awareness training
and a culture of complacency creates ongoing exposure.
Agencies have a significant variety of software, hardware and
information which increases the number of exposure points
and leads to higher expenses, thus diverting money from
underfunded areas such as Information Security staffing and
training.
Agencies have a degree of skepticism and distrust toward the
Division of State Information Technology (DSIT) owing to a
history of friction, primarily related to the cost of services
provided. These historical trust issues impair DSIT's ability to
"drive" any change initiatives.
This presentation is intended solely for the information and internal use of the State of South Carolina, and is not intended to be and should not be used by any other person or entity. No other
person or entity is entitled to rely, in any manner, or for any purpose, on this draft presentation.View entire presentation