Managing Technology Risks Through Technological Proficiency A Leadership Summary

Similar documents
TECHNOLOGY MADE SIMPLE ISO 27001:2013 ISO QUALITY SERVICES QUALITY SERVICES CERTIFICATED REGISTERED FIRM CERTIFICATED REGISTERED FIRM

DATA COLLECTION AND SOCIAL MEDIA INNOVATION OR CHALLENGE FOR HUMANITARIAN AID? EVENT REPORT. 15 May :00-21:00

Chapter 5. Forms of Business Ownership and Organization

Three Year Technology Plan Williston School District #

Google SEO Optimization

The Technology Circus: How to Bring it All Together. Alan Tacy Infrastructure Practice Lead

Creating a Public Safety Ecosystem

2015 ISACA IT Risk/Reward Barometer US Consumer Results. October 2015

2015 ISACA IT Risk/Reward Barometer UK Consumer Results. October

2015 ISACA IT Risk/Reward Barometer Australia Consumer Results. October

Protection of Privacy Policy

Technologies that will make a difference for Canadian Law Enforcement

Digital Government and Digital Public Services

CCTV Policy. Policy reviewed by Academy Transformation Trust on June This policy links to: T:Drive. Safeguarding Policy Data Protection Policy

Our Corporate Strategy Digital

Supervision of Outside Business Activities (OBAs) and Private Securities Transactions Wednesday, November 9 3:30 p.m. 4:30 p.m.

Robert Bond Partner, Commercial/IP/IT

Innovation and Technology Law Curriculum

Pan-Canadian Trust Framework Overview

Executive Summary Industry s Responsibility in Promoting Responsible Development and Use:

Summary Remarks By David A. Olive. WITSA Public Policy Chairman. November 3, 2009

INDUSTRY 4.0. Modern massive Data Analysis for Industry 4.0 Industry 4.0 at VŠB-TUO

UNITED NATIONS COMMISSION ON SCIENCE AND TECHNOLOGY FOR DEVELOPMENT (CSTD)

Radio Technology Overview. January 2011

SMART PLACES WHAT. WHY. HOW.

CYBER SECURITY GUIDELINES FOR COMPUTER BASED GAMING APPLICATIONS

Mitchell E. Herr. May 5, 2011

PYBOSSA Technology. What is PYBOSSA?

Human-Centric Trusted AI for Data-Driven Economy

technologies, Gigaom provides deep insight on the disruptive companies, people and technologies shaping the future for all of us.

CCTV Policy. Policy reviewed by Academy Transformation Trust on June This policy links to: Safeguarding Policy Data Protection Policy

Ties That Bind. Organisational Security for Civil Society. Executive Summary

Information & Communication Technology Strategy

WFEO STANDING COMMITTEE ON ENGINEERING FOR INNOVATIVE TECHNOLOGY (WFEO-CEIT) STRATEGIC PLAN ( )

Weston Public Schools. Weston Public Schools TECHNOLOGY PLAN June Lee McCanne, Ed.D. Director of Technology and School Libraries

Gujarat Technological University

2013 IT Risk/Reward Barometer: Asia-Pacific Results. October Unless otherwise noted, n = 343

Minnewaska Area Schools. e Technology Plan

g~:~: P Holdren ~\k, rjj/1~

Amarillo College Emergency Notification Systems and Procedures

Development and Integration of Artificial Intelligence Technologies for Innovation Acceleration

This policy sets out how Legacy Foresight and its Associates will seek to ensure compliance with the legislation.

Dr George Gillespie. CEO HORIBA MIRA Ltd. Sponsors

WAVE 5000 EVERY DEVICE. EVERY NETWORK. EVERY TEAM. CONNECTED LIKE NEVER BEFORE.

How Seattle Is Tackling Privacy Problems in Today s Digital Age (Contributed)

KKR Credit Advisors (Ireland) Unlimited Company PILLAR 3 DISCLOSURES

White paper March UrgentLink DISASTER COMMUNICATIONS NETWORK

Business Perspectives on Smart Cities Sensors, Big Data Lasse Berntzen

In 1984, a cell phone in the U.S. cost $3,995 and

Northfleet Technology College Course Outline: Information Technology in a Global Society

Internet of Things Market Insights, Opportunities and Key Legal Risks

Privacy. New technologies, same responsibilities. Carole Fleeman Office of the Victorian Privacy Commissioner

Digital Applications for Smart / Intelligent Cities

Gazette Notice SMSE

Event Summary: Merit-Based and Competitive Awarding of Federal IT Services: Public Policy and Department of Defense Cloud Computing

Smart Cities. Wednesday, May 16, :30 a.m. - 12:00 p.m. (EDT) What is a smart city? Are we ready for it? What are the challenges?

Interoperable systems that are trusted and secure

Q1 Under the subject "Future of Work and the New Economy", which topics do you find important?

DC Core Internet Values discussion paper 2017

Focusing Software Education on Engineering

Informal Briefing Minutes Tuesday, January 17, :30 AM 1. Water Resources

A Gift of Fire: Social, Legal, and Ethical Issues for Computing Technology (Fourth edition) by Sara Baase. Term Paper Sample Topics

Addressing Adverse Human Rights Impacts Connected to Product Misuse ADVANCED SUPPLY CHAIN COMPLIANCE SERIES

the regulatory and licensing structure for small-cell Internet access on the 3.5 GHz band. 1

Personal Data Protection Competency Framework for School Students. Intended to help Educators

Project Libra. Optimizing Individual and Public Interests in Information Technology

INSIGHT ADVANCING. Lexis Advance. Find just what you re looking for faster with research innovations inspired by legal professionals like you.

28 TH INTERNATIONAL CONFERENCE OF DATA PROTECTION

Confirms 2013 Financial Guidance

Guidelines to Promote National Integrated Circuit Industry Development : Unofficial Translation

Esri and Autodesk What s Next?

Technology transactions and outsourcing deals: a practitioner s perspective. Michel Jaccard

Community management plan for mining exploration

Delivering Public Service for the Future. Tomorrow s City Hall: Catalysing the digital economy

10 1/2 Secrets to Drastically Reducing Your Telecom Costs

BROOKSONONE.CO.UK SPECIALIST CONTRACTOR ACCOUNTANT BENEFITS OF USING A SPECIALIST CONTRACTOR ACCCOUNTANT

Privacy Policy Framework

National Instruments Accelerating Innovation and Discovery

Smarter Defense, an IBM Perspective IBM Corporation

Corporate responsibility and irresponsibility Historical and institutional dynamics

Interactive Computing Devices & Applications Based on Intel RealSense Technology

Global Standards Symposium. Security, privacy and trust in standardisation. ICDPPC Chair John Edwards. 24 October 2016

Low-Risk Steps to. Transitioning your Jurisdiction to MCPTT using Broadband PTT Interop

The Impact of the 4 th Industrial Revolution on Economic Development

Testimony of Professor Lance J. Hoffman Computer Science Department The George Washington University Washington, D.C. Before the

DATA AT THE CENTER. Esri and Autodesk What s Next? February 2018

eco Report: M2M Future Trends 2015

Survey of Institutional Readiness

SAFEGUARDING ADULTS FRAMEWORK. Prevention and effective responses to neglect, harm and abuse is a basic requirement of modern health care services.

Research Partnership Platform. Legal and Regulatory Challenges of the Sharing Economy

INTERNET CONNECTIVITY

Problem. How we solve the problem.

total money confidence

Partner for Success Secure & Smart Future Home

HOMELAND SECURITY & EMERGENCY MANAGEMENT (HSEM)

The 45 Adopted Recommendations under the WIPO Development Agenda

Victor Cid Senior Computer Scientist DIMRC, SIS, NLM

ICT : Internet of Things and Platforms for Connected Smart Objects

A Roadmap for Connected & Autonomous Vehicles. David Skipp Ford Motor Company

Operational Objectives Outcomes Indicators

Transcription:

Managing Technology Risks Through Technological Proficiency A Leadership Summary Research and Guidance for Local Governments to Understand and Address the Risks Presented by Contemporary Technology Prepared by: Bloustein Local Government Research Center Bloustein School of Planning and Public Policy Rutgers University for the Municipal Excess Liability Joint Insurance Fund

Technology Has Risks Digital technology permeates everything we do. Its impact on local government is constantly increasing. It goes beyond cyber security issues such as data breaches and network intrusions. This summary identifies* 1 the risks that face local governments and steps they can take to manage and mitigate them. 1 This summary is based on the full report, Managing Technology Risks Through Technological Proficiency and its Best Practice and Resource Guides, all found at www.blousteinlocal.rutgers.edu.

What is Digital Technology Digital technology involves the use of microcomputers (computers on a chip) that run in devices that perform a wide variety of tasks. They constitute the brains of computers, laptops, smart phones, tablets, and countless other devices. They are everywhere: in cars, traffic lights, medical devices, coffee makers, appliances, planes, and most everything wireless. They can be broken down into three areas of application: Information technology computers Communications technology voice, video and data that move over wired and wireless networks Operational technology digitally- driven devices such as video cameras, process controllers at water treatment plants, ice- detecting road sensors, meters, drones, including the so- called internet of things.

Impact of Digital Technology on Local Governments Citizens are driving government to adopt new technology (web pages, social media, online services). Local governments are challenged by: Cost/tax/fee pressures Varying and changing public expectations Political dynamics The result is that citizens and businesses want their government to use more technology, but they don t want to pay more for it; this inhibits government from moving forward at the pace these constituents expect. Thus, elected and appointed officials need to: Determine what is needed, wanted, can be afforded, and how to acquire and manage it Realize that technology is more than computers Understand that managing technology is an ongoing process; it is not a short- term project that is completed and ignored.

Managing Risks Technology in all its forms present risks to local government. The primary causes of technological risk are: Actions of People: activities that people either perform or fail to perform that cause harm. These people can be insiders or outsiders; their actions can be inadvertent or deliberate, or the result of no action at all. These activities are often classified as cyber hygiene. Systems and Technology Failures: the abnormal or unexpected functioning of technology. This can include hardware, software, and integrated systems. Failed Internal Processes: the failure of internal processes to perform as needed or expected. This comes from poor process design or execution, or faulty process controls. External Events: Events generally (but not always) outside the organization s control; disasters, infrastructure failure, legal issues, business issues, and service dependencies. The effects of these risks are significant; they overlap and break down into six categories.

Six Categories of Risk Cybersecurity: Data breach/theft and disclosure of personally identifiable information, data loss/corruption, network breach, cyber- extortion, website/social media attack. Legal: Third party liability for denial of services, discrimination, litigation costs, OPRA liability, police system failures, employee misuse Operational: loss of capacity to manage work, compromised physical security of technology, electrical system failures, contractor failures, failed backup systems Financial: cost of cyber insurance, responses to breaches (time and money), procurement delays, change from capital to operating expenses Reputational: loss of public trust, media risk, social media, political responses, bond rating agency evaluation Societal: differing expectations of the next generation of workers, speed of change and the ability to manage it, increased expectations of government transparency that are rooted in technology Cyber- security Societa l Reputa- tional Categories of Technology Risk Legal Financi al Opera- tional

Technological Proficiency Becoming technologically proficient enables governments to: Understand and manage their risks Be assured that technology will work when it needs to Protect themselves from compromise Technological proficiency has four interconnected practices: 1. Governance: governing body and executive management provide overall technology policy goals and guidance, evaluate risk, approve and fund plans, and monitor activities. 2. Planning: governance and technology managers combine to approve a technology plan that implements the long- and short- term goals and recommends risk management strategies. 3. Secure Humans: all employees understand and practice safe use of technology (cyber hygiene) and receive ongoing training to prevent technology compromise. 4. Competence: the staffing, management attention, and financial resources necessary for sound technology strategies are properly and adequately deployed to fulfill the plan.

Technology Risk Maturity Model A risk maturity model relates to how an organization manages its technology and addresses its risks Stage 1 Stage 2 Stage 3 Stage 4 Stage 5 Unaware Fragmented Top Down/Evolving Managed/Pervasive Optimized/Networked

Technology Profiles Profiles address the wide variety of technology use in organizations: Basic: stand- alone desktops with no internal network internet access and email managed via direct connection through an ISP; few if any third party service providers. Core: has a small internal network and may use Microsoft Exchange. Other services are purchased through third party providers. The police department and other agencies may run their own technology separate from the rest of the system. Managed: fully wired internal network with small staff or contractor management; uses local servers for hosting third party software and is connected to cloud- based services; police services may be mixed in or supported by the managed system. Sophisticated: fully networked in a wired or wireless environment with a mix of applications both owned and licensed, which may be hosted on- site and in the cloud; organizations with this profile support specialized servers and robust technical management using well- trained staff and service providers.

How to Get Started 1. Create a governance process appropriate to your agency 2. Start developing a technology plan 3. Implement employee cyber- hygiene training 4. Find out what s need to provide technology competently This will cost time, attention, and money. But, you have to do it. Use the project s best practice and resource guides for help and support. Technological proficiency safeguards a government organization s ability to fulfil its various societal and legal missions; it is a way to manage the risks that technology introduces into the organization s business processes.

Project References and Resources The study and reports were prepared for the Municipal Excess Liability Joint Insurance Fund by the Bloustein Local Government Research Center, Rutgers University. Marc Pfeiffer, MPA, was the Principal Investigator and author. The full report, Managing Technology Risk through Technological Proficiency, provides the background and additional information on the material in this summary. The accompanying material found in the Best Practice and Resource Guide for Achieving Technological Proficiency provide specific, profile- based actions local governments can take to move toward understanding and managing their technology risks. They are based on the four elements of technological proficiency presented in the report. The material is available online at www.blousteinlocal.rutgers.edu and www.njmel.com/. Credits Bloustein Local Government Research Center Bloustein School of Planning and Public Policy Rutgers University 33 Livingston Avenue, New Brunswick, New Jersey 08901 www.blousteinlocal.rutgers.edu marc.pfeiffer@rutgers.edu Municipal Excess Liability Joint Insurance Fund 9 Campus Drive, Suite 16, Parsippany, New Jersey 07054 www.njmel.org mel@permainc.com All material 2014-2015, Municipal Excess Liability Joint Insurance Fund and Rutgers, the State University.

2024 © hobbydocbox.com Privacy Policy | Terms of Service | Feedback