Go to Admin » Appearance » Widgets » and move Gabfire Widget: Social into that MastheadOverlay zone
The views expressed are those of the author and do not necessarily reflect the views of ASPA as an organization.
By Marc H. Pfeiffer
June 10, 2016
Citizens expect their government agencies to keep up with technology advancements. However, financially stressed agencies often struggle to keep pace with the rapidly changing technological environment. The ongoing threat of cyber security is on everyone’s mind. And while we expect our organizations to maintain high levels of cyber security, there are other, often overlooked technology-related risk factors that must be considered as well.
Managing technology is hard. It is hard for large multi-national corporations and the federal government, as well as for individuals with a PC or a smartphone. Likewise, it is difficult for state and local governments and schools. New technologies present challenges for organizations when deciding what goods and services they need and how to acquire them. It means they must work through procurement laws that were never designed for buying today’s rapidly changing technology. In addition, once a technology component is purchased, it means managing its implementation and operation. All this requires agencies to spend scarce resources of time, attention and money.
Managing the cost of new technology has its own complications. Increased public expectations for the adoption of the latest technology advancements are offset by legal and political limits on new spending.
Government officials also need to understand that digital technology introduces new risks. Ongoing and evolving cybersecurity challenges rightfully receive the most attention. However, there are other risks that include operational, legal, financial, reputational and societal liabilities. These risks are complicated by “make or buy decisions.” These are the choices an agency makes regarding which services it decides to provide with its own staff and which ones it contracts to other organizations. But outsourcing services does not outsource all the risks.
Organizations that manage their technology proficiently are capable of assessing and understanding their risks and opportunities. Achieving technological proficiency involves four elements: governance, planning, cyber hygiene and technical competency.
Governance means that the governing body and an agency’s executive management team provide technology policy goals and guidance. They must also evaluate risks, approve and fund plans and track activities.
Planning requires that governance and technology managers work together to develop and approve a technology program. The resulting plan needs to put long- and short-term goals in place. It must also recommend risk management strategies and tie the plan to the agency’s annual budgeting cycle. (When it comes to technology planning, three years is considered long-term.)
Cyber hygiene ensures that all employees understand and practice the safe use of technology. It also means employees receive ongoing training to prevent technology compromise (e.g., phishing attacks).
Finally, implementing technical competency addresses the agency’s needs for sufficient staffing, management attention and financial resources. These must be adequate in order to ensure that sound technical practices are employed to fulfill the plan. This is especially critical in light of evolving cyber security threats.
Technology proficiency and risks vary by an agency’s technology profile, which is an assessment of an organization’s technological sophistication. Profiles can be assigned stages: basic, core, managed and sophisticated. Agency risk exposure also varies, here using five levels: unaware, fragmented, evolving, managed and optimized. Taken together, these elements can help guide an organization improve its proficiency.
How can government organizations address these challenges? They can start by setting a goal of attaining proficiency. That begins with creating a governance process appropriate to that agency. From there they can develop a technology plan, link it to budget decisions, and implement employee cyber-hygiene training. Then discover what they need to be technically competent and to take steps to meet those needs.
A report by the Bloustein Local Government Research Center at Rutgers University shines a light on these often overlooked areas. It provides guidance on how government agencies can manage these opportunities and challenges.
The report includes a 20-question assessment tool to measure an organization’s degree of risk. There is also a best practices guide for each technology profile. These guides provide direction on how agencies can improve their technological proficiency. The report, the best practices guides and a leadership summary for elected officials and senior managers an be found online. The author is interested in feedback and/or comments on the report.
Author: Marc Pfeiffer is the assistant director of the Bloustein Local Government Research Center and conducted the study. Reach him at [email protected]. Pfeiffer will be leading an online discussion on this subject Thursday, June 16. Interested parties may register online.