New Roles in Local Government Cybersecurity: A Guide to the CISO, BISO, CPO, and CSO
The rapidly changing cybersecurity landscape has forced local governments to reevaluate their approach to cybersecurity. With the...
Getting Something Going and Improving Over Time
Getting Something Going and Improving Over Time: The Power of MVP, Marginal Performance Gains, and Planned Neglect. Starting a new project...
Why Cybersecurity Needs to be Separated from IT in Local Governments
"The days of the CISO being completely IT-centric and as such being in a role under the CIO is gone. Managing security effectiveness and...
Cybersecurity Policy Coverage
What topics need to be covered in cybersecurity policies? In this post, I will cover the required cybersecurity policies from various...
Who should set up access in the ERP (Financial Application)?
As an IT auditor for local governments, one of the most often asked questions I get during audits is this: “Who should set up user access...
Policy, Procedure, or Plan
Some standards like PCI and NIST require policies that cover specific topics. Sometimes you will see a requirement for a policy and...
IT Governance & IT Management
Many practitioners use the terms governance and management synonymously. While there is some overlap in practice, there are key...
Cybersecurity Policies Made Easy
People often ask for advice regarding information security or cybersecurity policies. For the remainder of this article, I will use...
Cybersecurity Policy for Local Governments
Here is a sample high-level cybersecurity policy for a city, district, or county. It is designed to be a high-level statement adopted by...
Does Security Awareness Work?
According to the Verizon 2018 Data Breach Report, 93% of data breaches are linked to phishing or social engineering. With stats like...