Connect with us

Hi, what are you looking for?


Incident Response

South Carolina Budget Proposal Seeks More Funds for IT Security

South Carolina Governor Nikki Haley has asked for $6.3 billion dollars in her budget plan that addresses the state’s fiscal calendar for 2013-14, which starts July 1. Of that, $47 million is for IT spending.

South Carolina Governor Nikki Haley has asked for $6.3 billion dollars in her budget plan that addresses the state’s fiscal calendar for 2013-14, which starts July 1. Of that, $47 million is for IT spending.

While $47 million in IT spending seems like a solid start for the state, Haley’s budget request would see 40% of those funds going to repay the South Carolina Budget and Control Board, who loaned the state $20 million in recovery funds for the massive data breach discovered in October.

South Carolina Map

The loan allowed for $12 million in fees for credit monitoring, $5.6 million for encryption and dual passwords at the SC Dept. of Revenue (where the breach happened), $1.3 million in notification costs, and a $750,000 to Mandiant for a generic breach report and assessment that was released in November. As part of the budget, Haley asked for $3,000,000 in non-recurring funds to be set aside for IT security improvements.

Earlier this month, IT officials within the state’s various agencies rated the overall level of information security as less than adequate. Marcia Adams, executive director of the State Budget and Control Board, said that the state doesn’t really know what they have in place with regards to existing IT security controls and solutions.

Of the budget’s remaining $16 million or so for IT spend, most of it will go towards securing a single vendor to help adopt a statewide plan for security, which would be controlled and managed from a single location. However, the RFP isn’t likely to be written until after the money is approved.

“This year, I am again recommending that SCITS be funded out of available non-recurring revenues, along with several other IT security projects in other agencies. These steps will help to secure our electronic systems and records, but as the initial reports on the data breach show, a serious approach to technology requires that we take an enterprise-wide perspective,” Haley said.

“The inescapable conclusion, as countless good-government advocates and editorial page-writers have observed in the past decade, is that it’s time for a Department of Administration,” she added.

Advertisement. Scroll to continue reading.

Related: Stolen Login Credentials, Poor Security Practices Led to South Carolina Data Breach

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.