Florida builds new cybersecurity framework

Since the re-launch of Florida’s IT agenc y last year, Chief Information Security Officer Danielle Alvarez has been working to build up a cybersecurity framework for the state.

Alvarez said the biggest threat currently facing the state is “lacking that foundation” for how to effectively handle information security, and she’s now in the midst of laying down those guidelines.

“We are actually taking the prior rule in adoption and updating it, mapping it to the [National Institute of Standards and Technology] cybersecurity framework,” Alvarez told StateScoop at the National Association of State Chief Information Officers’ annual conference in October. “Basically you look at the framework as a skeleton and so we establish the skeleton, ‘These are the things you need to think about and things you need to consider.’”

Once that work’s completed, Alvarez said there’s plenty left for the state to do when it comes to filling in any gaps left in the framework, and putting a focus on education for state workers.

“We’re going to work on populating and filling in the framework, that would be the actual process and practice guidance documents, and then training and artifacts to help all the state agencies actually go forth and implement the framework,” Alvarez said.