| | January 2015 19CIOReviewAfter securing executive support, make sure you partner with the private sector. In order to have a comprehensive cybersecurity strategy, it's imperative to connect the dots between the two. Launched in November 2012, the Michigan Cyber Range allows for "live fire" exercises and simulations that will test the detection and reaction skills of participants in a variety of situations. The range has sites at Eastern Michigan University, Ferris State University and Northern Michigan University, a hub at the Michigan National Guard 110th Airlift Wing in Battle Creek, and two more hubs planned for unveiling later this year. The cyber range is a perfect example of how state government, public universities and the private sector (Merit Network) can partner together to prepare for possible real world scenarios. Successfully responding to a cybersecurity incident will require individuals from both the public and private sectors to work together and the cyber range, allows for and helps foster both cooperation and preparation.Along the same line, another great tool to help drum up ideas and encourage cooperation across the state, is my "CIO kitchen cabinet." This informal group of Michigan CIOs meets monthly to discuss a variety of issues, from cybersecurity policies to best practices to how to manage/implement a bring-your-own-device plan. While I originally started the group to help advice me in my new role as the state CIO back in 2011, the kitchen cabinet has transformed into an invaluable tool for me and the other CIOs involved. In 2012 I went to the group with the state's cybersecurity challenge and came away with the Michigan Cyber Disruption Response Strategy to address significant cyber disruption events in the state.Lastly, if you don't already have a cybersecurity awareness training program in place to educate employees and ultimately help reduce security incidents as a result of user error, I strongly encourage you to consider the option. According to a recent study referenced by the Ecommerce Times, "an overwhelming 80 percent of corporate security professionals and IT administrators indicated that `end user carelessness' constituted the biggest security threat to their organizations." People can have a significant impact in helping combat cyber attacks, but in order to achieve this goal you have to change user behavior, which requires making security awareness part of your enterprise culture. The awareness training program we're using from Security Mentor has been well-received by our employees. To help change the culture in Michigan, we rolled out cybersecurity awareness training to roughly 47,000 state employees in 2012.Cybersecurity is serious business, but with support, collaboration, partnership, education and forward-thinking, we can stand prepared for the challenges ahead.United States will face at some point a major cyber event that will have a serious effect on our lives, our economy and the everyday functioning of our societyDavid Behen"
< Page 9 | Page 11 >