"This case study describes how the Commonwealth of Virginia (the Commonwealth) has used laws, policies, structures, and processes to help govern cybersecurity as an enterprise-wide, strategic issue across state government and other public and private sector stakeholders. It explores cross-enterprise governance mechanisms used by Virginia across a range of common cybersecurity areas--strategy and planning, budget and acquisition, risk identification and mitigation, incident response, information sharing, and workforce and education. This case study is part of a pilot project intended to demonstrate how states use governance mechanisms to help prioritize, plan, and make cross-enterprise decisions about cybersecurity. It offers concepts and approaches to other states and organizations that face similar challenges. As this case covers a broad range of areas, each related section provides an overview of the Commonwealth's governance approach, rather than a detailed exploration. Individual states and organizations seeking greater detail would likely need to engage directly with the Commonwealth to better understand how to tailor solutions to their specific circumstances."
Department of Homeland Security: http://www.dhs.gov/