CIOReview | | 9 MAY 2023IT leadership needs to be open, honest, and transparent with sworn leadership to make sure that project benchmarks are being achievedthis new product or some other equivalently challenging issue. IT governance in the public safety setting can increase the probability of implementing cop proof technology by having everybody involved, including InfoSec. The IT Governance strategy should be developed in collaboration with senior law enforcement officials and InfoSec. This way the introduction of new technology will have guiderails that follow the Governance and InfoSec frameworks. How do we make a new product cop proof? There are a few pitfalls that you must avoid to achieve success. This is especially true with technology projects. The first is the "Everything is great narrative." IT leadership needs to be open, honest, and transparent with sworn leadership to make sure that project benchmarks are being achieved. If there are any troubles along the way, everyone should be aware of them. Senior leadership in any business model hates surprises, especially when it comes to highly visible, extremely expensive technology projects. Keep everyone informed so if there are roadblocks in the project plan, nobody is taken by surprise.The next is being overly optimistic in giving inaccurate delivery estimates. IT leadership should not be putting forward projects that simply cannot be delivered, not only in any production environment but from a fiscal point of view. Sworn leadership must articulate to the patrol staff not only the technology initiative but how it affects the department. This way things like scope-creep, and delivery issues can be addressed immediately and will not affect timelines. Lastly, there needs to be proper testing. Not only from an operational perspective but looking at the project through the lens of the CISO. Like any DevSecOps methodology, testing in any IT project should also include iterative InfoSec testing, not just near the end of the application deployment, but in all phases of testing.Another thing to think about when introducing new technology is that Law Enforcement tends to go through leadership changes regularly, due to the nature of the organizations (e.g. newly elected Sherriff, command rotation processes, etc.). This tends to keep tweaking requirements for new technology products and services, in addition to continually moving legislative goalposts. Governance can be a way to combat this constant change and maintain not only a common understanding but also commitment on a wholistic level. In a mature, functional environment, governance is multi-faceted. Not only IT and senior leadership but representative of the whole organization, as governance should be a mechanism to help IT determine business needs and ensure technology is procured or implemented to meet this need. Two thoughts when linking the need for Governance and the necessity of InfoSec: One, find a way to educate those typically opposed to security controls on how Infosec is actually trying to protect them from a cyber perspective. Two, public safety has numerous compliance requirements that need to be adhered to that are within the information security domain. So, if this is the case, governance done right will find a good balance between compliance of policy or regulation while taking the user experience into account. Security controls, along with proper education and governance will typically make the environment as "Cop-Proof" as possible.Making IT projects cop proof doesn't stop at the end of the project. IT services are critical to Law Enforcement operations and are constantly being upgraded and improved upon for many reasons ­ security updates, vendor feature improvements, and workflow or process changes by the agency. This is where governance continues to play a role on critical items like how the organization makes decisions, communicates topics across the agency, and initiates remediation in the event of a security incident. Cop proofing IT is an ongoing challenge for all involved. Lester Godsey
< Page 8 | Page 10 >