As a previous victim of a major ransomware attack, the City of Durham takes the maintenance and development of cyber security strategy extremely seriously. The Chief Information Officer (CIO) has made cybersecurity a major strategic component of all technology-related decisions and has empowered the Chief Technology Officer (CTO) with the resources required to execute the strategies. In addition, the program is staffed with a virtual Chief Information Security Officer (CISO) and a fulltime cyber security analyst as well as cyber security intern from North Carolina Central University. The leadership that the executives provides has permeated throughout the entire technology staff who consider the security impact of every decision that is made.
On an annual basis we develop a business case that demonstrates quantifiable value to the city for its investment in the cyber security program as well as challenging current investment to ensure that the City is gaining the best business, performance, and compliance value for each of the product and/or services in our portfolio. When benchmarked against IBM’s Security Annual Data Breach Report the City’s return on investment is over 300%.
While the City’s cyber security program is mature when viewed against nationally accepted frameworks, the City’s leadership is of the opinion there is always room to improve. Repeatable processes and continuous improvement are our goal.