To define and clarify policies, standards and guidelines, and responsibilities related to the security of the state's information technology resources.
Information security serves statutory goals pertaining to government operations and public records. These include:
• Insure continuity of government operations (Article III, Section 29 of the Nebraska Constitution; Neb. Rev. Stat. § 28-901 and 84-1201);
• Protect safety and integrity of public records (Neb. Rev. Stat. § 28-911, 29-2391, and 84-1201);
• Prevent unauthorized access to public records (Neb. Rev. Stat. § 29-319, 81-1117.02, and 84-712.02);
• Insure proper use of communications facilities (Neb. Rev. Stat. § Section 81-1117.02); and
• Protect privacy of citizens (Neb. Rev. Stat. § 84, Article 7).
Major activities include:
• Development of an overall security strategy, including policies, security awareness, and security infrastructure improvements;
• Network security standards and guidelines;
• Education and training;
• Authentication (directory services);
• Disaster recovery for information technology systems (as part of a broader business continuity planning);
• Compliance with federal privacy and security mandates;
• Security assessments.
Benefits will include lower costs by addressing security from an enterprise perspective, cost avoidance, and protecting the public trust.
1. Review and revise policies and procedures relating to identity management and directory services.
2. Develop policies and standards relating to the hosting of State data by vendors.
3. Implement shared disaster recovery facilities.
4. Promote disaster planning for information technology systems, including developing elements of a common planning document and developing an approach for common governance during an event.
Refer to the Statewide Technology Plan for further information.