What happened
West Virginia approved legislation that gives the state’s chief information security officer greater authority to lead and standardize cybersecurity efforts across state government. Gov. Patrick Morrisey signed the measure on Thursday. The law directs the state’s Cybersecurity Office, led by Leroy Amos within the Office of Technology, to develop statewide cybersecurity policies and standards as a framework for uniform compliance with industry best practices. The bill was brought forward at the request of the state’s Department of Administration after a legislative audit found the state had not implemented a statewide cybersecurity framework to the specifications required in statute.
Who is affected
The direct impact falls on West Virginia state government agencies and the state’s Cybersecurity Office, which is now tasked with implementing more consistent statewide cybersecurity standards. The legislation is aimed at creating a more centralized approach to compliance and oversight across agencies rather than relying on separate ad hoc efforts.
Why CISOs should care
This move matters because it strengthens centralized cyber governance at the state level and gives the CISO a clearer mandate to drive uniform standards across government systems. It also follows an audit that found gaps between what state law required and what had actually been rolled out, showing how governance, reporting, and implementation can become legislative and operational issues when statewide programs are not fully executed.
3 practical actions
- Use audit findings to tighten cyber governance: Treat external reviews and legislative audits as opportunities to close the gap between documented cybersecurity requirements and actual statewide implementation.
- Centralize standards where oversight is fragmented: Build a single framework for cybersecurity policies and compliance when agency-by-agency efforts are creating uneven protection and reporting.
- Clarify CISO authority in statute or policy: Ensure the security leader has explicit authority to set standards, oversee rollout, and monitor compliance across the enterprise.
