There needs to be more managerial attention to information security, with a closer connection between director and the chief information security officer (CISO). The CISO has a pivotal role within the municipal organization to ensure that the right actions are taken regarding information security. This is the conclusion of the Information Security Visiting Committee after visiting the colleges and CISOs of 120 municipalities.
The review committee notes that it is important in all cases that the CISO is independently positioned, has a direct reporting line to the (ultimately responsible) city clerk and the (administrative) portfolio holder and has periodic consultation with them. In addition, the CISO must be connected to the official organization and the primary process. However, it is not feasible (nor is it his role) for a CISO to be closely involved in the specific work processes. The review committee sees an important role for the IBD in strengthening the position and role of the CISO.
The IBD supports raising and maintaining the level of information security of Dutch municipalities from the strength of the collective. The IBD gives explicit attention to strengthening the position of the municipal CISO and has developed a CISO Toolkit for this purpose.
The CISO Toolkit contains a number of IBD's well-known products, supplemented by a number of new products. The products marked with an * are new:
The draft IBD Threat Assessment of Dutch Municipalities 2017 - this is available on the (private) IBD Community and will be further developed in collaboration with municipalities in the near future.*
The IBD Crisis Game - The existing crisis game has had an update and includes a new action in addition to some new videos.* The crisis game is available to participants who have taken the train-the-trainer course for this purpose.
The IBD monthly monitor - the monthly monitor provides an overview of relevant developments in the field of information security in the municipal context. The IBD provides general advice in the monthly monitor in line with the information security baseline.
In cooperation with the VNG Academy, the IBD is organizing four workshop meetings for CISOs: "Advising boards and management - explore your role and speak the same language." During this workshop, participants will work to find answers to questions such as: Do you understand the language of your board and management? How do you empower your director to make balanced decisions? When do you sound the alarm when you identify a risk and is the timing right?
On the IBD community, we are introducing the CISO registry. CISOs from municipalities can already indicate in their personal profile that they hold the position. New search functionality will soon allow CISOs to be findable by other members of the IBD Community. This search functionality is planned for the end of October 2017.*
Two-day Advisory Skills Training for CISOs developed by the VNG Academy in cooperation with the IBD.*
The CISO Toolkit will be further expanded and developed with municipalities in the coming period.
