COMMITTEES   |   Security & Privacy Committee

About the Committee

Committee Charge (2009-10 Program Year):
This committee's charge is to support NASCIO’s strategic objective of protecting the information technology infrastructure of the twenty-first century. To preserve government’s ability to serve citizens, State CIOs must help protect state IT systems and services, while preserving the privacy of personal and sensitive information within those systems. State governments meet this obligation in the context of the larger IT network that interconnects state, local, and federal systems and allows direct citizen interaction with government programs and services through the Internet. A major focus is integration and coordination of federal, state, local government and private sector efforts that further national cyber security agenda.

The committee focuses on the intersection between security and privacy to help State CIOs formulate high-level security and data protection policies and technical controls to secure the states information systems and protect the personal and sensitive information within them. The committee monitors new security and privacy threats created by emerging technologies, as well as federal privacy and security legislation for collateral impact on the states. The committee fulfills NASCIO’s goals of strengthening State CIOs awareness of important IT issues and promoting the sharing of best practices, experiences and expertise.

Potential topics and/or deliverables to be addressed in the program year include but are not limited to:

• Cloud Computing – security implications of cloud computing
• National Incident Response Plan
• Consensus Audit Guidelines
• Identity and Access Management
• Web 2.0 / Social media security
• Virtualization – protecting virtualized applications and data
• Wireless network security
• Promoting general IT security awareness and a better understanding of security requirements among the current IT workforce, state employees and contractors
• Other topics as needed
• All-state conference calls, webinars or briefing by IT security experts

Committee Roster

Co-Chair: Dick Clark, State of Montana

Co-Chair: David Taylor, State of Florida

Patricia Arcano, ActivIdentity Daren Arnold, State of Ohio Troy Arwine, Microsoft Erik Avakian, Commonwealth of Pennsylvania David Ballard, CenturyLink Gena Bane, Good Technology Vik Bansal, Deloitte Consulting LLP DeLaine Bender, NASCIO Chris Bennett, District of Columbia Peter Berkel, EMC Corporation Michael Berman, Datacard Deborah Blanchard, Verizon Brian Blind, SunGard Availability Services Claudia Boldman, Commonwealth of Massachusetts Chris Buse, State of Minnesota Elizabeth Caldwell, MPA, State of New Jersey Victor Chakravarty, State of Maine Raj Chaudhary, Crowe Horwath LLP Todd Crosby, State of Hawai'i Denise Cushaney, CDW-G Justin Dew, ActivIdentity Breck DeWitt, EMC Corporation Rafael C Diaz, State of Illinois Jack Doane, State of Alabama James Doucette, NIC Edward J Driesse, State of Louisiana Brad Dupuy, HP Joe Ellington, HP John Thomas Flynn, Flynn, Kossick & Associates Inc Mr. Andy Ford, NIC Mark Ford, Deloitte Consulting LLP Jeff Franklin, State of Iowa Emily Gallt, NASCIO Ann Garrett, State of North Carolina John Glennon, Commonwealth of Massachusetts Chad Grant, NASCIO Jason Gunnoe, State of Tennessee Henry Horton, David Hunter, VMware Christopher Ipsen, State of Nevada Cynthia Izzo, KPMG LLP Bob Kennedy, Compuware Corporation Agnes Kirk, State of Washington Peter Kirkwood, L-1 Identity Solutions David N Kroening, State of New York Mischel Kwon, EMC Corporation Paul Laurent, Oracle USA Inc. Katrina LeMay, Commonwealth of Kentucky

Mike Lettman, State of Wisconsin Mr. Samuel Loewner, MAXIMUS Inc. Daniele Loffreda, Fujitsu Network Communications Sanjay Macwan, AT&T Alisanne Maffei, State of Nevada Mike Malik, State of Delaware Ms. Theresa Ann Masse, State of Oregon Mike Maxwell, Symantec Mark McChesney, Commonwealth of Kentucky Stuart McKee, Microsoft Lynn McNulty, ISC(2) Mary Mondragon, Avaya Inc Barry Moultrie, L-3 STRATIS Stephen Newell, IBM Kym Patterson, State of Arkansas John Paulson, State of Minnesota Brendan M Peter, CA Technologies Mark Reardon, State of Georgia Richard Reasner, State of Michigan Jim A Richards, State of West Virginia Charles Robb, NASCIO Doug Robinson, NASCIO Michele Robinson, State of California Stacy Roland, Verizon Michael Roling, State of Missouri Renault Ross, Symantec Kyle Schafer, State of West Virginia David Shaw, State of Ohio Eric Simon, HP John Skinner, Intel Thomas Smith, State of New York Cheryl Soderstrom, HP Elaine A. Solomon, HP Karen Sorady, State of New York Tad Stahl, State of Indiana Chris Stanley, State of New York Elayne Starkey, State of Delaware John Stehno, State of Oregon Srini Subramanian, Deloitte Consulting LLP Kathleen Synstegaard, Datacard Carlos Valarezo, Symantec Madhvi Verma, Motorola Solutions Lawrence Vigil, Symantec Thomas Warner, CA Technologies Kip Welty, Novell Inc. David Williams, State of West Virginia Mr. Steven Scott Young, Motorola Solutions

NASCIO State Member Alert!

Background on the NIPP:
The IT SSP supports the overall NIPP that provides a unifying structure for the integration of critical infrastructures and key resources protection efforts into a single program. The NIPP identifies 17 sectors, including IT, energy, transportation, telecommunications, commercial facilities and banking and finance.

• View the NIPP

Committee Publications

• Publications Archive

The Heart of the Matter: A Core Services Taxonomy for State IT Security Programs
October 2011

To ensure that IT security remains robust in the current difficult budget environment, the National Association of State Chief Information Officers (NASCIO) has identified a taxonomy of core, critical IT security services to facilitate the analysis of requirements, sourcing options, and costs for delivering appropriate security. For each of the twelve services that were identified, the brief includes a description, a list of the key activities associated with the service, and a list of tools that commonly support service delivery.

State Cyber Security Resource Guide: Awareness, Education, and Training Initiatives
September 2011

For the 2011 observance of National Cyber Security Awareness Month, NASCIO has updated its Resource Guide for State Cyber Security Awareness,Education, and Training Initiatives. The guide includes new information from our state members, who provided examples of state awareness programs and initiatives. This is an additional resource of best-practice information, together with an interactive state map to allow users to drilldown to the actual resources that states have developed or are using to promote cyber awareness. It includes contact information for the CISO, hyperlinks to state security and security awareness pages, and information describing cyber security awareness, training, and education initiatives.

The Resource Guide is a work-in-progress that should provide a valuable reference resource for Cyber Security Awareness Month, as well as the ongoing planning of security awareness and training efforts state programs may undertake thereafter.
 

For more information, please contact Charles Robb, NASCIO Senior Policy Analyst, at CRobb@amrms.com or (859) 514-9209.