Information Security Blog

Top 3 Emerging IT Security Challenges for State Government

Cybersecurity is a top concern for every state CIO and chief information security officer (CISO). While every state is working hard to secure its systems and networks, the relentless onslaught of diverse threats continues to expose vulnerabilities. Recent “hacktivism” by the online group Anonymous illustrates how exposed state agencies, and anyone else running critical services on Internet-facing servers, can be.

Deep budget cuts are not making it any easier for states to secure the vast amounts of personally identifiable information (PII) and protected health information (PHI) that state governments must collect and maintain in order to serve their citizens. What other challenges loom largest? These issues top the list:

BYOD (Bring Your Own Device) practices by employees

The use of smartphones and other mobile devices by state agency employees is soaring, making it harder to monitor who has access to which data and applications, as well as how, when and from where users reach those systems. Mobile devices also blur the boundary of the network.

For these reasons among others, state agencies need to focus more efforts on protecting sensitive data, in addition to network and infrastructure security. That also means adding anti-malware and anti-fraud capabilities to protect mobile online transactions as more and more employees – and citizens – access state systems using mobile devices.

Web-based access to critical systems

State agencies have worked hard to expand and improve Internet-based services to their constituents, including the collection, updating and sharing of PII. At the same time, cybercriminals have launched a blistering assault of web-based attacks and scams. Because of the nature of the data they maintain and their use of web portals, state departments like motor vehicles, health & human services and public safety/law enforcement are at high risk.

Reliance on third-party vendors and partners

State agencies rely increasingly on third-party vendors to house data off-site, as well as to undertake key tasks like application management and threat and vulnerability monitoring. Even if in-house defenses are strong, incursions can take place through a vulnerable vendor – or even a community organization or other partner.

A comprehensive security assessment of every third party that stores or processes agency data is a daunting but essential first step in any vulnerability assessment for a state agency. A further concern is improper access to systems, including leaking of data, by contract and third-party employees.

With foreign governments and organized crime syndicates backing the attackers, cyber security risks continue to escalate in scale and sophistication. State governments have their work cut out for them. Any malicious data breach can compromise vital agency information and software assets, and can also erode the trust that citizens place in government to safeguard their privacy.

Pivot Point Security has the right combination of Information Security/Compliance domain expertise, government knowledge and experience, and organizational character to help you define and execute on the best course of action to know you’re secure and prove you’re compliant.

A Best-Practices Guide to Government Information Security


Download our proven Government Vendor Risk Management Information Security Guide to simplify the process of protecting your data, proving you’re secure and growing your agency.


Free Whitepaper: Stop Wasting Money on Penetration Testing


Penetration Testing is most frequently performed to:

  • Substantiate the net effectiveness of a mature control environment
  • Prove to a third party that an environment is secure/trustworthy
  • Quickly assess the security of a less mature control environment (in a sense a technical risk assessment)
  • Validate that significant changes did not have unanticipated results

Free Download: ISO 27001 Vendor Selection Toolkit

Our ISO 27001 Toolkit will help you select an ISO 27001 consulting firm.
  • Review the Issues Critical to Your Environment
  • "Vet" Vendor Qualifications
  • Compare the Top 3 Vendors
  • Sample RFP Included

Best Practices for Firing A Network Security Administrator

Want to know how to fire a Network Admin? Need to know what precautions to take? Firing any employee can be a stressful event. Firing one who has significant knowledge of and privileged access to your Information Technology/Security infrastructure is even more stressful, as the risks are so notable.

Is ISO 27001 Right for (Y)our Organization?


Thinking about ISO 27001 Certification? View our free On-Demand ISO 27001 Webinar

  • How to deal with increasing threats
  • How to manage multiple regulatory requirements
  • How to handle client requests for attestation

Free Download: ISO 27001 Implementation Roadmap

Have no fear – our “roadmap” will guide you, step by step, through the entire ISO 27001 process.

Getting to ISO 27001 certification is a process made up of things you already know – and things you may already be doing!

Download: Information Security Attestation Guide

A Best-Practices Guide to Information Security Attestation

Download our proven Information Security Guide to simplify the process of protecting your data, proving you’re secure and growing your business.

Free Download: A Best Practices Guide to Database Security

Because data is only as secure as the systems & processes it relies on – a holistic approach to data security is essential. This roadmap is not meant to be exhaustive but rather to stimulate the necessary thought process to put you on the path to good data security.

Free Whitepaper: Five Best Practices for SIEM


The promise of SIEM is the consolidation of all relevant Security Event Logs from disparate sources into a single unified and normalized data store.
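As an added illustration of that consolidation-and-normalization step (example code written for this page, not Pivot Point's or any SIEM product's), the Python below takes constructed records from three unrelated sources, an sshd syslog line, a Windows logon event exported as JSON, and a web-portal access log line, maps each into one common event schema, and then asks a question no single source can answer: which source IP is failing logins across all three systems at once? The sample records, the year assumed for the year-less syslog timestamps, and the portal hostname are all assumptions made for the example.

```python
import json
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample records from three disparate sources (not real logs).
SYSLOG_LINES = [
    "Mar 12 10:15:01 vpn-gw01 sshd[2201]: Failed password for admin from 203.0.113.7 port 51022 ssh2",
    "Mar 12 10:15:04 vpn-gw01 sshd[2201]: Failed password for admin from 203.0.113.7 port 51023 ssh2",
    "Mar 12 10:16:40 vpn-gw01 sshd[2210]: Accepted publickey for jsmith from 198.51.100.20 port 40010 ssh2",
]
WINDOWS_EVENTS = [
    '{"TimeCreated":"2024-03-12T10:15:09Z","Computer":"DC01","EventID":4625,"TargetUserName":"admin","IpAddress":"203.0.113.7"}',
    '{"TimeCreated":"2024-03-12T10:17:00Z","Computer":"DC01","EventID":4624,"TargetUserName":"jsmith","IpAddress":"198.51.100.20"}',
]
PORTAL_ACCESS_LINES = [
    '203.0.113.7 - - [12/Mar/2024:10:15:12 +0000] "POST /login HTTP/1.1" 401 512',
    '198.51.100.20 - jsmith [12/Mar/2024:10:18:30 +0000] "GET /dmv/renewal HTTP/1.1" 200 8120',
]

SYSLOG_YEAR = 2024            # assumption: classic syslog timestamps carry no year
PORTAL_HOST = "portal-web01"  # assumption: the access log does not name its host

_SSHD_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) "
    r"sshd\[\d+\]: (?P<result>Failed password|Accepted \w+) for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)
_ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def _event(ts, source, host, user, src_ip, action, outcome):
    """The unified schema every source is normalized into."""
    return {"ts": ts, "source": source, "host": host, "user": user,
            "src_ip": src_ip, "action": action, "outcome": outcome}


def parse_sshd(line):
    m = _SSHD_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{SYSLOG_YEAR} {m['mon']} {m['day']} {m['time']}",
                           "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    outcome = "failure" if m["result"].startswith("Failed") else "success"
    return _event(ts, "sshd", m["host"], m["user"], m["ip"], "login", outcome)


def parse_windows(record):
    d = json.loads(record)
    ts = datetime.fromisoformat(d["TimeCreated"].replace("Z", "+00:00"))
    outcome = {4624: "success", 4625: "failure"}.get(d["EventID"])  # logon / failed logon
    if outcome is None:
        return None
    return _event(ts, "windows", d["Computer"], d["TargetUserName"], d["IpAddress"], "login", outcome)


def parse_portal(line):
    m = _ACCESS_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    user = None if m["user"] == "-" else m["user"]
    status = int(m["status"])
    action = "login" if (m["method"] == "POST" and m["path"] == "/login") else "http_request"
    outcome = "failure" if status in (401, 403) else ("success" if status < 400 else "error")
    return _event(ts, "portal", PORTAL_HOST, user, m["ip"], action, outcome)


def normalize_all():
    """One normalized, time-ordered event stream built from all three sources."""
    events = [parse_sshd(l) for l in SYSLOG_LINES]
    events += [parse_windows(r) for r in WINDOWS_EVENTS]
    events += [parse_portal(l) for l in PORTAL_ACCESS_LINES]
    return sorted((e for e in events if e is not None), key=lambda e: e["ts"])


def _is_failed_login(e):
    return e["action"] == "login" and e["outcome"] == "failure"


def failed_logins_by_ip(events):
    return Counter(e["src_ip"] for e in events if _is_failed_login(e))


def failures_by_source(events, ip):
    """What each source on its own sees for one IP (the pre-SIEM view)."""
    return Counter(e["source"] for e in events if e["src_ip"] == ip and _is_failed_login(e))


def brute_force_candidates(events, threshold=3, window=timedelta(seconds=60)):
    """IPs with >= threshold failed logins inside one window, counted across every source."""
    per_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if _is_failed_login(e):
            per_ip[e["src_ip"]].append(e)
    flagged = {}
    for ip, fails in per_ip.items():
        for i, first in enumerate(fails):
            hits = [f for f in fails[i:] if f["ts"] - first["ts"] <= window]
            if len(hits) >= threshold:
                flagged[ip] = sorted({f["source"] for f in hits})
                break
    return flagged


if __name__ == "__main__":
    evs = normalize_all()
    for ip, sources in brute_force_candidates(evs).items():
        print(f"{ip}: {failed_logins_by_ip(evs)[ip]} failed logins across {', '.join(sources)}")
```

In the sample data no single source ever shows more than two failures from 203.0.113.7, so a per-system rule with a threshold of three would never fire; only after the events share one schema and one clock does the four-attempt burst across the VPN gateway, the domain controller and the citizen portal become visible. That is the concrete payoff of the normalization the paragraph describes, and it is why fields such as the timestamp (with time zone), source address and outcome must be mapped faithfully from every feed rather than left in each source's native form.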

About the Author:

John Verry (CISA, 27001 Certified Lead Auditor, CCSE, CRISC) is Pivot Point's resident "Security Sherpa". He is lucky enough to spend most of his day helping clients develop a road map to address security, compliance, and attestation requirements.
