“Cybersecurity is seen as ‘the CISO’s problem’ and is almost never considered an integral element to an IT acquisition, although it should be.” This quote is from a state chief information security officer (CISO) when asked about how cybersecurity is integrated into the state information technology (IT) acquisition process.
The importance of cybersecurity in both the public and private sector cannot be overstated and this is even more true for state government. The past several years has demonstrated that disruptions to state services, the supply chain and public trust have a tremendous impact on state governments. While it is impossible to prevent every incident or disruption, there are steps that can be taken to limit them. A very wise woman once said, “let’s start at the very beginning, a very good place to start.” In this case, the beginning is with the acquisition process—starting with discovering a need and ending with final implementation—and baking cybersecurity into it from the beginning.