Developing a Public/Private Cybersecurity Scorecard for the State of Indiana

Nov 28, 2018

Download: MP4 Video Size: 167.7MB  
Watch on YouTube

Abstract

How do you assess the cybersecurity status of public and private organization in a State? The NIST has a comprehensive framework for assessing cybersecurity but for small companies with limited expertise or funding, this process is not possible to reasonably complete. Indiana Governor's Executive Council on Cybersecurity and Purdue University collaborated in conducting a Cybersecurity Scorecard Pilot to aid the improvements in cybersecurity across their state. The Cybersecurity Scorecard included several targeted objectives:

• Enable non-cybersecurity experts to confidently learn, self-assess, and initiate cybersecurity improvement.
• Enable public and private executives to identify systemic cybersecurity issues
• Provide a means of comparing preparedness across public and private critical infrastructure and key resource sectors within the state.
• Utilize standards and measurements that support "apples to apples" comparison.

Presentation will describe Indiana's Cybersecurity Scorecard's development process, pilot launch, and initial findings.