NASCIO Awards

AWARDS & RECOGNITION

2008 Awards: Information Security & Privacy

RECIPIENT:
Virginia - Interlocking Spheres of Collaborative Protection

Information technology is increasingly the foundation and backbone for all business, including government business. Parallel needs for efficiency and economy in government operations continue to drive adoption of IT solutions for providing government business service delivery to citizens. Accordingly, the need to protect the sensitive information involved in digital government has increased exponentially as security threats evolve and attacks increase at an ever accelerating rate. This threat environment requires government to adopt a security posture that is both nimble and impenetrable by virtue of depth.

This vital need unfortunately was not being adequately met as recently as 2006, when Virginia had an aging, inefficient IT infrastructure and numerous operational security risks. There were more than 90 autonomous IT shops in agencies, and 60 percent of the equipment in use was from eight to 10 years old. Further, the state’s primary data center was rated a security risk. These factors combined to create an operational landscape fraught with unacceptable risk for hacking and security intrusions.

To achieve the rigorous security posture required to protect its citizens and grow secure digital applications, the Chief Information Officer of the Commonwealth and the Virginia Information Technologies Agency (VITA) were charged with implementing appropriate standards and processes to ensure information security. Today, the Commonwealth of Virginia has developed a collaborative approach to information security that employs interlocking spheres of security. These include the:

Top-down sphere
Peer to peer sphere
IT security program sphere
Infrastructure sphere
External sphere

Close collaboration across the interlocking spheres allows Virginia government entities to leverage ideas, knowledge and resources to strengthen the information security posture of the Commonwealth. Adoption and promotion of information security needs by executive and elected leaders provides a top-down emphasis that increases awareness and compliance at all levels of government.

This approach has greatly elevated awareness of information security needs, enabled strong partnerships at all levels of government and facilitated new strategies for defense, creating a model that can be adopted by others pursuing similar goals.

“There are vigorous debates about ‘core’ government services. Whether it’s health, education, transportation or public safety, there is nothing more ‘core’ to effective government than trust. Virginians entrust sensitive information to us daily. As we expand service options, protection of sensitive information must be ‘core.’ Virginia long has recognized responsibility for security does not end at the IT department’s door—it is an executive priority requiring collaboration, education, and action. I am proud of Virginia’s comprehensive information security program, involving all branches and localities at all levels. Together, we’ve improved our security posture and deepened our core trust with Virginians.”
....Lemuel C. Stewart Jr, Chief Information Officer, Commonwealth of Virginia

FINALISTS:
Click on the title to download program submission.

Michigan
Utilizing PCI Compliance to Improve Enterprise Risk Management

Pennsylvania
Commonwealth of Pennsylvania: Security Incident Response Process

OTHER NOMINATIONS:
Click on the title to download program submission.

Delaware
Delaware's Cyber Security Awareness Program

Kentucky
Kentucky Department of Education Cuts SPAM with Hosted E-Mail Filtering Solution

Maine
Enterprise Certificate Services

Minnesota
Information Security Assessment Program

New York
Multi-media, Web-based E-Learning Security Training Program

Oklahoma
Oklahoma Computer Crimes Alliance

Utah
Enterprise Security Assessment

Return to 2008 Awards Main Page