The State of CT is the latest to release a cybersecurity strategy to assist state agencies and private businesses to protect critical data.
The seven principles discussed in the strategy – leadership, literacy, preparation, response, recovery, communication and verification – can be applied to every person, organization, government agency and business in Connecticut.
The strategy will also reach beyond state lines as state agencies and business aligning to the strategy will ask their vendors to do the same. As the strategy is based on the National Institute of Standards and Technology (NIST) framework, it will be easy for organizations to use NIST as a baseline and meet the CT guidelines while having a known framework that can also satisfy the requirements of other stakeholders who may request attestation that you have cybersecurity controls, policies and procedures in place to protect their information.
The State’s strategy will next be followed by an action plan that will contain concrete steps to address the issues raised in the report. The Department of Emergency Services and Public Protection – through the Connecticut State Police, the Connecticut Intelligence Center, and the Division of Emergency Management and Homeland Security – will also have a significant role in the plan’s implementation.
“We have a plan, but we also have a lot of work to do,” Arthur House said. “Cybersecurity is a process, not an end state. We must continue to take threats seriously and defend the people of Connecticut. Having a strategy is an important step – allowing Connecticut to be organized in fending off attacks by powerful and skilled cyber criminals. Everyone should join in common effort to create a culture of cybersecurity awareness.”