New state law in 2016 will require at least 35 state agencies and entities to undergo security audits each year. California CIO Carlos Ramos says vendors should keep an eye on this heading into next year because it could be an opportunity for firms to work with the state.
"Some of those [audits] will be done by our own [California] Military Department, but they only have a staff of four or five folks doing those things. Thirty-five agencies each year have to be assessed, so I would anticipate there is going to be some opportunities there for independent parties — for third parties, the vendor community that are focused on cybersecurity assessments — to come in and bid, and help these different agencies out," Ramos said last week at the State of Technology Industry Forum in Sacramento on Dec. 1.
Ramos said the California Department of Technology also will continue with its own compliance audit program to ensure state agencies are following current practices and requirements, and participating in the state's new Cybersecurity Integration Center.
"The other things that's going to happen too, frankly, between those audits and our assessments [is] there are going to be gaps identified, so departments are going to be tasked with addressing those gaps — and I think they're going to need a lot of help in doing that," Ramos said.
Assemblymember Jacqui Irwin, D-Thousand Oaks, sponsored AB 670, which is enacting the new cybersecurity assessment benchmark. The Governor's Office announced the new cross-agency Cybersecurity Integration Center shortly after a critical state audit found that most state departments weren't fully complying with existing security reporting requirements.
