Click this link to view a Florida state bill under review outlining the requirement for State entities to employ a Chief Information Security Officer (CISO) and for that person to create rules and policies for that entity.
This highlights a growing trend across the country to push cybersecurity policies at breakneck speed. At this time, policy makers, organizational leaders, and cyber insurance providers work feverishly to create meaningful policies to reshape or guide current practices. More security is the first and biggest thing on the minds of almost everyone in the technology space. And the more these events occur, the more concern grows for everyone about being the next target.
As we continue our Service Driven University series, we’ll highlight important issues like ZTNA and segmentation, Defense-In-Depth or a security fabric, and ways that the network as a service model can streamline network operations to increase visibility and ease of management and reduce risk in the long run.
For now, consider what we saw in just 2022 regarding cybersecurity legislation.
2022 Introductions and Enactments At least 40 states and Puerto Rico introduced or considered more than 250 bills or resolutions that deal significantly with cybersecurity. Twenty-four states enacted at least 41 bills in 2022 so far, as indicated in boldface in the list below. The most common enactments in 2022 will:
– Require government agencies to implement cybersecurity training; to set up and follow formal security policies, standards and practices; to have incident response plans in place; to provide mandatory training for employees; and to report security incidents, including ransomware attacks.
– Mandate security practices related to elections.
– Establish or support programs or incentives for cybersecurity workforce training and education programs.
– Provide funding for cybersecurity programs and practices in state agencies, local governments and schools.From this, we see that, across the Country, the weight and burden of cybersecurity fears are being spread around. Many are now forced to deal with the weight and burden of complying with these laws as each new one if rolled out. We also see a greater respect for cybersecurity, appreciation for the need for more awareness, and new focus on education in this space.
While new burdens come with each not requirement, we see a general growth of concern about and respect for the work needed to secure our IT resources, along with an attempt to understand how big this fight truly is for IT professionals daily.