Data Classification Key to Wise Use of Cybersecurity Funding

By Amy Glasscock posted Jun 09,2017 10:23 AM

When we leave our homes in the morning, we lock the door. Some items are put away in drawers while other items are protected further in a fire safe. We take the time to classify our belongings and assign different levels of protection to them based on their value to us. Data held by states should be no different.

As has been the case in the last several years, the number one priority for State CIOs on NASCIO's annual Top Ten list for 2017 was security and risk management. Included in that category is "budget and resource requirements, (and) data protection."

As cybersecurity threats increase and become more sophisticated, unfortunately state budgets to combat the threats are not keeping up. CIOs and other state employees entrusted with the security of our data must find the best use for the available funds.

This is where data classification becomes critical. NASCIO recently released Better Data Security Through Classification: A Game Plan for Smart Cybersecurity Investments. The brief, a joint project between NASCIO's Cybersecurity Committee and Data Protection Working Group, explains why a risk based cybersecurity approach is the most beneficial to state government data.

When states have an enterprise-level data classification policy in place, not only is data better organized and protected, but the state is able to prioritize funding where it is really needed. NASCIO encourages states that have yet to implement such a policy to consider doing so. The next part of this series will be guidelines for creating a data classification policy and will be released this summer.