CYBERSECURITY

Our Mission

To develop and promote an enterprise security & privacy program and establish cybersecurity goals and objectives that minimize risk to information resources leading to improved overall security posture for the State of Alabama.

What We Do

The Alabama Office of the Chief Information Security Officer is responsible for establishing and leading the strategic direction of security and privacy for the State of Alabama by providing IT governance and technology leadership for state government, as well as coordination and information sharing between State agencies and partner organizations, and promoting information security awareness and training for users of State information resources.

Key Responsibilities

  • IT Governance, Risk, and Compliance

  • Security Architecture & Engineering

  • Information & Intelligence Sharing

  • Security Workforce Training

  • Security Monitoring & Analysis

  • Incident Response & Forensics

  • Technical Security Assessments

 Partner Organizations

The State of Alabama recognizes that organizations need to be members of groups, committees, and other peer related organizations that have similar interest and regulatory requirements. These organizations enable the State, and other government related organizations, to increase organization security program maturity levels while implementing best practices to increase availability, integrity, and confidentiality.

Multi-State Information Sharing and Analysis Center (MS-ISAC)

https://www.cisecurity.org/ms-isac/

A collaborative organization with participation from all 50 States, the District of Columbia, local governments and U.S. Territories, the MS-ISAC provides a central resource for gathering information on cyber threats to critical infrastructure from the states and provides two-way sharing of information between and among the states and with local government.

The MS-ISAC partnership enables the State of Alabama to provide substantially improved security posture to the State’s agencies and constituents. Capability increases due to this partnership include, but are not limited to: Incident Response, Data Forensics, Auditing and Analysis, Security Advisories, Threat Notifications, and much more.

Every year in October, MS-ISAC promotes National Cyber Security Awareness Month (NCSAM).  In participation, our Governor signs an annual proclamation proclaiming October as Alabama’s Cyber Security Awareness Month.

MS-ISAC also provides our state with the National Cyber Security Review (NCSR).  The NCSR allows participating states to self-evaluate cyber security postures, then anonymously compare to other states in the nation.

 

National Association of State Chief Information Officers (NASCIO)

https://www.nascio.org/

NASCIO’s mission is to foster government excellence through quality business practices, information management, and technology policy. NASCIO provides state CIOs and state members with products and services designed to support the challenging role of the state CIO, stimulate the exchange of information and promote the adoption of IT best practices and innovations.

 

National Governors Association (NGA)

https://www.nga.org/cms/home

The NGA is the bipartisan organization of the nation's governors. Through NGA, governors share best practices, speak with a collective voice on national policy, and develop innovative solutions that improve state government and support the principles of federalism.

In regards to cyber security, the NGA impresses the importance of cyber security in State systems upon our State’s leadership.  The NGA has an annual cyber security briefing that garners attention from all state leaders.  The security briefing shares common trends among states and provides cyber security implementation methods for high level security programs for states.

​This year, Alabama Governor Kay Ivey signed the NGA “Compact to Improve State Cybersecurity.”  This agreement helps our leaders recognize their top-level responsibility in securing state citizen’s data and then urges them into action through building cybersecurity governance, preparing & defending the state from cybersecurity events, and growing the nation’s cybersecurity workforce.

 

National Association of State Technology Directors (NASTD)

http://www.nastd.org/home

NASTD represents information technology professionals from the 50 states, divided into four regions, and the private sector. State members provide and manage state government information technology services and facilities for state agencies and other public entities, often including hospitals, prisons, colleges and universities.

NASTD is a wealth of knowledge that allows us to bolster the implementations of our State’s technologies – specifically in best cyber security practices as applied to the States in our Nation.   Technology directors from around the country share experiences, deployment methodologies, lessons learned, and more to promote secure information-based services for our State’s constituents.