But self-flagellation aside, I want you to know that there's at least one US State out there that's done what I and others have been urging for large utilities. Namely, appoint and empower a CSO or CISO with enterprise-wide policy setting and enforcement authority.
For Colorado, that's Travis Schack, who's at the helm as CISO. It's important to note that Colorado didn't have to make this position, it chose to. That's right, and it was neither regulatory nor competitive pressure that drove this decision. Colorado has a CISO because it thinks its operations require, and its citizens deserve, one.
Well, check this out, from Travis's own blog, and you'll see that he's asking questions near and dear to our sector right now. Of government agencies he asks:
... do you have a data classification process in your organization? Do you know what systems process, store, and/or transmit each type of data within your organization? Do you know who has access to each type of data, where is the data being accessed from, when is the data being accessed, and what is being done to your data?
Ahem and Amen. Nice job, Colorado. And thanks to the Center for Digital Government for shining a light on these folks.