COMMITTEES   |   Security & Privacy Committee

About the Committee

Committee Charge (2009-10 Program Year):
This committee's charge is to support NASCIO’s strategic objective of protecting the information technology infrastructure of the twenty-first century. To preserve government’s ability to serve citizens, State CIOs must help protect state IT systems and services, while preserving the privacy of personal and sensitive information within those systems. State governments meet this obligation in the context of the larger IT network that interconnects state, local, and federal systems and allows direct citizen interaction with government programs and services through the Internet. A major focus is integration and coordination of federal, state, local government and private sector efforts that further national cyber security agenda.

The committee focuses on the intersection between security and privacy to help State CIOs formulate high-level security and data protection policies and technical controls to secure the states information systems and protect the personal and sensitive information within them. The committee monitors new security and privacy threats created by emerging technologies, as well as federal privacy and security legislation for collateral impact on the states. The committee fulfills NASCIO’s goals of strengthening State CIOs awareness of important IT issues and promoting the sharing of best practices, experiences and expertise.

Potential topics and/or deliverables to be addressed in the program year include but are not limited to:

• Cloud Computing – security implications of cloud computing
• National Incident Response Plan
• Consensus Audit Guidelines
• Identity and Access Management
• Web 2.0 / Social media security
• Virtualization – protecting virtualized applications and data
• Wireless network security
• Promoting general IT security awareness and a better understanding of security requirements among the current IT workforce, state employees and contractors
• Other topics as needed
• All-state conference calls, webinars or briefing by IT security experts

Committee Roster

Co-Chair: Joe Fleckinger, State of Oklahoma

Co-Chair: Michael W Locatis, State of California

Daren Arnold, State of Ohio Troy Arwine, Microsoft Chris Bennett, District of Columbia Chris Buse, State of Minnesota Trent Carpenter, State of Michigan Todd Crosby, State of Hawaii Denise Cushaney, CDW-G Tim Davis, Breck DeWitt, EMC Corporation James Doucette, NIC Anand Dubey, State of Alaska Brian Fuller, Deloitte Consulting LLP Rob Funk, INPUT Ann Garrett, State of North Carolina Jason Gunnoe, State of Tennessee Henry Horton, Accenture Christopher Ipsen, State of Nevada Tom Jarrett, LexisNexis Bob Kennedy, Compuware Corporation Larry G Kettlewell, State of Kansas Agnes Kirk, State of Washington Cliff Koch, Novell Inc David N Kroening, State of New York Mike Lettman, State of Wisconsin Sanjay Macwan, AT&T Alisanne Maffei, State of Nevada

Theresa Masse, State of Oregon Mike Maxwell, Symantec Mark McChesney, Commonwealth of Kentucky Lynn McNulty, ISC2 Stephen Newell, IBM Ken Ontko, State of Oklahoma Kym Patterson, State of Arkansas William Perez, State of Texas Jim A Richards, State of West Virginia Caroline Rinker, Juniper Networks Michael Roling, State of Missouri Carter Schoenberg, Motorola Richard Smothermon, Commonwealth of Kentucky Tad Stahl, State of Indiana Samantha Stamper, State of West Virginia Elayne Starkey, State of Delaware Knute Steel, BDNA Srini Subramanian, Deloitte Consulting LLP David Taylor, State of Florida Tony Tortorice, State of Washington Kimberly Trapani, State of Ohio David Tucker, State of Vermont Blaine Vajda, Guidance Software Inc Carlos Valarezo, Symantec Mark Weatherford, State of California Kip Welty, Novell Inc

NASCIO State Member Alert!

Background on the NIPP:
The IT SSP supports the overall NIPP that provides a unifying structure for the integration of critical infrastructures and key resources protection efforts into a single program. The NIPP identifies 17 sectors, including IT, energy, transportation, telecommunications, commercial facilities and banking and finance.

• View the NIPP

Committee Publications

• Publications Archive

Security at the Edge: Protecting Mobile Computing Devices Part II: Policies on the Use of Personally Owned Smartphones in State Government
March 2010
Due to the pervasive use of personally owned smartphones in the U.S., practical concerns have arisen around state employee requests to use these devices for state business. The potential for security incidents and data breaches is a practical concern that state CIOs and CISOs must address when establishing security standards. While these devices make the work lives of employees less complicated, and perhaps reduce state IT acquisition costs, officials must once again face the classic dilemma of balancing risks and rewards. Policies on the Use of Personally Owned Smartphones in State Government highlights the trend toward states establishing security policies and standards for connecting personally owned smartphones to government networks.

Resource Guide for State Cyber Security Awareness, Education, and Training Initiatives
September 2009
For the observance of the sixth annual National Cyber Security Awareness Month, NASCIO has created a Resource Guide of examples of state awareness programs and initiatives. The compendium augments previously gathered information with data from a just-completed, short survey of state CISOs. It includes links to state security awareness pages, contact information for state CISOs, and information describing cyber security awareness, training, and education initiatives that target four categories: Executives/Elected Officials; Citizens; State Workers; and IT Security Personnel.

The Resource Guide is a work-in-progress that should provide a valuable reference resource for Cyber Security Awareness Month, as well as the ongoing planning of security awareness and training efforts state programs may undertake thereafter.

For more information, please contact Charles Robb, NASCIO Senior Policy Analyst, at CRobb@amrms.com or (859) 514-9209.