
Security & Privacy Committee

About the Committee


Issue Statement: To preserve government's ability to serve citizens, state CIOs must help protect state IT systems and services, while preserving the privacy of personal and sensitive information within those systems. State governments meet this obligation in the context of the larger IT network that interconnects state, local, and federal systems and allows direct citizen interaction with government programs and services through the Internet. A major focus is integration and coordination of federal, state, local government, and private sector efforts that further a national cyber security agenda.

Goals and Objectives: Support NASCIO's strategic objective of protecting the information technology infrastructure of the twenty-first century.

The committee focuses on the intersection between security and privacy to help state CIOs formulate high-level security and data protection policies and technical controls to secure the states' information systems and protect the personal and sensitive information within them. The committee monitors new security and privacy threats created by emerging technologies, as well as federal privacy and security legislation for collateral impact on the states. The committee fulfills NASCIO's goals of strengthening state CIOs' awareness of important IT issues and promoting the sharing of best practices, experiences and expertise.

Committee Roster

Co-Chair:
Michael Cockrill, State of Washington
Co-Chair:
Mark Raymond, State of Connecticut

Sue Adams, Commonwealth of Massachusetts
Cinnamon Albin, State of Oregon
Michael Aliperti, Center for Internet Security
Daren Arnold, State of Ohio
Kannan Arunachalam, Unisys
Troy Arwine, Microsoft
Erik Avakian, Commonwealth of Pennsylvania
Bharanedaran Balasubramanian, Deloitte Consulting LLP
David Ballard, CenturyLink
Vik Bansal, Deloitte Consulting LLP
David Bear, CenturyLink
Chris Bennett, District of Columbia
Michael Berman, Datacard
Tim Blevins, CGI Technologies & Solutions Inc.
Claudia Boldman, Commonwealth of Massachusetts
Bret Brasso, FireEye Inc
Mr. David Brown, State of Ohio
Gary Buonacorsi, EMC Corporation
Dana Burmaster, State of Wisconsin
Kevin Burns, Commonwealth of Massachusetts
Chris Buse, State of Minnesota
John Byers, State of Kansas
Elizabeth Caldwell, MPA, State of New Jersey
David Carter, Commonwealth of Kentucky
Victor Chakravarty, State of Maine
Todd Crosby, State of Hawai'i
Justin Dew, HID Global
Rafael C Diaz, State of Illinois
Domenic S DiLullo, Accenture
Jack Doane, State of Alabama
James Doucette, NIC
Dan Durgin, State of Maine
Joe Ellington, HP
Julie Evans, Center for Internet Security
John Thomas Flynn, TechLeader.TV
Mr. Andy Ford, NIC
Mark Ford, Deloitte Consulting LLP
Crystal Fox, Commonwealth of Pennsylvania
Jeff Franklin, State of Iowa
Chad Grant, NASCIO
Tim Hastings, State of Utah
Rick Hedeman, EMC Corporation
Mitch Herckis, NASCIO
Anthony Hernandez, Grant Thornton LLP
Chris Hobbs, State of Nebraska
Chad Holmes, FireEye
Henry Horton,
Christopher Ipsen, State of Nevada
Jeff Irby, Unisys
Laura Iwan, Center for Internet Security
Cynthia Izzo, KPMG LLP
Ms. Jana M Jackson, ViON Corporation
Jack Johnson, Motorola Solutions
Agnes Kirk, State of Washington
Peter Kirkwood, MorphoTrust USA
James Knopka, AT&T
David N Kroening, State of New York
Paul Laurent, Oracle USA Inc.
Katrina LeMay, Commonwealth of Kentucky
Mike Lettman, State of Arizona
Mr. Samuel Loewner, MAXIMUS Inc.
Daniel J Lohrmann, State of Michigan
Enoch Long, Splunk Inc.
Sanjay Macwan, AT&T
Alisanne Maffei, State of Nevada
Mike Malik, State of Delaware
Mark McChesney, Commonwealth of Kentucky
Stuart McKee, Microsoft
Frank Morrow, Commonwealth of Pennsylvania
Mr. Robert A Myles, Symantec
Stephen Newell, IBM
Brendan M Peter, CA Technologies
Ted Pibil, Harford County, MD Government
Lynne Pizzini, State of Montana
Mark Reardon, State of Georgia
Pyreddy Reddy, State of North Carolina
James A Richards, III, State of West Virginia
Caroline Rinker, Symantec
Charles Robb, Commonwealth of Kentucky
Doug Robinson, NASCIO
Michele Robinson, State of California
Michael Roling, State of Missouri
Renault Ross, Symantec
Mike Russo, State of Florida
Eric Simon, HP
Thomas D. Smith, State of New York
Deborah Snyder, State of New York
Elaine A. Solomon, HP
Karen Sorady, State of New York
Tad Stahl, State of Indiana
Chris Stanley, State of New York
Elayne Starkey, State of Delaware
Srini Subramanian, Deloitte Consulting LLP
Kathleen Synstegaard, Datacard
Herb Thomas Thompson, State of Wisconsin
Lisa Thompson, NASCIO
Jonathan Trull, State of Colorado
Carlos Valarezo, Symantec
Marcos Vieyra, State of South Carolina
Meredith Ward, NASCIO
Kip Welty, Novell Inc.
Samantha Wenger, NASCIO
David Williams, State of West Virginia
Mike Wyatt, Deloitte Consulting LLP
 

Committee Publications

Capitals in the Clouds Part IV – Cloud Security: On Mission and Means
May 2012
This brief emphasizes the cultural and organizational aspects of cloud computing. “Cloud services” imply shared services. When agencies come together to share such a resource, they will necessarily have to evaluate how security policies vary across the partner agencies. Engaging external cloud services can be quite risky if such services have not been properly vetted by state security staff. Much education, awareness, and ongoing communication will be required to ensure state government employees are fully aware of the risks of external cloud services. The imperative for states is to stay connected and maintain the dialogue, sharing intentions and solutions, as state government moves forward with adoption of cloud services. Cloud is not the only solution or avenue for sharing resources. When it is the right solution, it must be employed with proper attention to the security aspects of cloud services, particularly with external cloud services.

NASCIO Cybersecurity Awareness Resource Guide
September 2013

For the 2013 observance of National Cyber Security Awareness Month, NASCIO has updated its Resource Guide for State Cybersecurity Awareness, Education, and Training Initiatives. The guide includes new information from our state members, who provided examples of state awareness programs and initiatives. This is an additional resource of best-practice information, together with an interactive state map that lets users drill down to the actual resources that states have developed or are using to promote cyber awareness. It includes contact information for the CISO, hyperlinks to state security and security awareness pages, and information describing cybersecurity awareness, training, and education initiatives.

The Resource Guide is a work-in-progress that should provide a valuable reference resource for Cyber Security Awareness Month, as well as the ongoing planning of security awareness and training efforts state programs may undertake thereafter.


Capitals in the Clouds Part V: Advice from the Trenches on Managing the Risk of Free File Sharing Cloud Services
April 2013

Cloud-based file sharing solutions have become very popular and are a growing and significant part of day-to-day computing. It is easy to see why these services are attractive to state government users who already use them in many facets of their personal lives. With a wide variety of choices in the market, these solutions are easy to access, configure and use. They support multiple devices (especially mobile) and data in multiple formats. The most important consideration for state employee users: these file sharing services are free. Since the release of the 2012 NASCIO and Deloitte Cybersecurity Study, more security and policy questions have been raised on the use of free cloud services by states. In addition to the May 2012 Capitals in the Clouds IV guidance on rogue cloud users, states have continued to seek out leading practices on how to put the proper controls in place, meet security standards, craft acceptable use policies, and identify the open records and legal concerns regarding terms of service. This brief shares real experience from the Commonwealth of Pennsylvania on free cloud services.


NASCIO Cyber Security Awareness Resource Guide
October 2012

For the 2012 observance of National Cyber Security Awareness Month, NASCIO has updated its Resource Guide for State Cyber Security Awareness, Education, and Training Initiatives. The guide includes new information from our state members, who provided examples of state awareness programs and initiatives. This is an additional resource of best-practice information, together with an interactive state map that lets users drill down to the actual resources that states have developed or are using to promote cyber awareness. It includes contact information for the CISO, hyperlinks to state security and security awareness pages, and information describing cyber security awareness, training, and education initiatives.

The Resource Guide is a work-in-progress that should provide a valuable reference resource for Cyber Security Awareness Month, as well as the ongoing planning of security awareness and training efforts state programs may undertake thereafter.


Staff contact: Chad Grant
Phone: (859) 514-9148
E-mail: cgrant@NASCIO.org
