When we leave our homes in the morning, we lock the door. Some items are put away in drawers while other items are protected further in a fire safe. We take the time to classify our belongings and assign different levels of protection to them based on their value to us. Data held by states should be no different.
As has been the case in the last several years, the number one priority for State CIOs on NASCIO's annual Top Ten list for 2017
was security and risk management. Included in that category is "budget and resource requirements, (and) data protection."
As cybersecurity threats increase and become more sophisticated, unfortunately state budgets to combat the threats are not keeping up. CIOs and other state employees entrusted with the security of our data must find the best use for the available funds.
When states have an enterprise-level data classification policy in place, not only is data better organized and protected, but the state is able to prioritize funding where it is really needed. NASCIO encourages states that have yet to implement such a policy to consider doing so. The next part of this series will be guidelines for creating a data classification policy and will be released this summer.