COMMITTEES | Security & Privacy Committee
About the Committee
Issue Statement: To preserve government's ability to serve citizens, State CIOs must help protect state IT systems and services, while preserving the privacy of personal and sensitive information within those systems. State governments meet this obligation in the context of the larger IT network that interconnects state, local, and federal systems and allows direct citizen interaction with government programs and services through the Internet. A major focus is integration and coordination of federal, state, local government, and private sector efforts that further a national cyber security agenda.
Goals and Objectives: Support NASCIO's strategic objective of protecting the information technology infrastructure of the twenty-first century.
The Committee focuses on the intersection between security and privacy to help State CIOs formulate high-level security and data protection policies and technical controls to secure the states' information systems and protect the personal and sensitive information within them. The Committee monitors new security and privacy threats created by emerging technologies, as well as federal privacy and security legislation for collateral impact on the states. The Committee fulfills NASCIO's goals of strengthening State CIOs' awareness of important IT issues and promoting the sharing of best practices, experiences and expertise.
Committee Roster
Co-Chair: David Gustafson, State of Nevada
Co-Chair: Mark Raymond, State of Connecticut
Sue Adams, Commonwealth of Massachusetts
Daren Arnold, State of Ohio
Troy Arwine, Microsoft
Erik Avakian, Commonwealth of Pennsylvania
David Ballard, CenturyLink
Vik Bansal, Deloitte Consulting LLP
Chris Bennett, District of Columbia
Peter Berkel, EMC Corporation
Michael Berman, Datacard
Deborah Blanchard, Verizon
Tim Blevins, CGI Technologies & Solutions Inc.
Claudia Boldman, Commonwealth of Massachusetts
David Brown, State of Ohio
Dana Burmaster, State of Wisconsin
Kevin Burns, Commonwealth of Massachusetts
Chris Buse, State of Minnesota
John Byers, State of Kansas
Elizabeth Caldwell, MPA, State of New Jersey
Victor Chakravarty, State of Maine
Raj Chaudhary, Crowe Horwath LLP
Todd Crosby, State of Hawai'i
Denise Cushaney, CDW-G
Justin Dew, ActivIdentity
Mr. Breck DeWitt, EMC Corporation
Rafael C Diaz, State of Illinois
Jack Doane, State of Alabama
James Doucette, NIC
Edward J Driesse, State of Louisiana
Brad Dupuy, HP
Dan Durgin, State of Maine
Joe Ellington, HP
Julie Evans, Center for Internet Security
John Thomas Flynn, Flynn, Kossick & Associates Inc
Mr. Andy Ford, NIC
Mark Ford, Deloitte Consulting LLP
Jeff Franklin, State of Iowa
Chris Gardner, SecureKey Technologies
John Glennon, Commonwealth of Massachusetts
Chad Grant, NASCIO
Jay Harmon, NSI
Rick Hedeman, EMC Corporation
Mitch Herckis, NASCIO
Chris Hobbs, State of Nebraska
Henry Horton,
Christopher Ipsen, State of Nevada
Cynthia Izzo, KPMG LLP
Jack Johnson, Motorola Solutions
Agnes Kirk, State of Washington
Peter Kirkwood, MorphoTrust
James Knopka, AT&T
David N Kroening, State of New York
Mischel Kwon, EMC Corporation
Paul Laurent, Oracle USA Inc.
Katrina LeMay, Commonwealth of Kentucky
Mike Lettman, State of Arizona
Mr. Samuel Loewner, MAXIMUS Inc.
Daniele Loffreda, Fujitsu Network Communications
Daniel J Lohrmann, State of Michigan
Sanjay Macwan, AT&T
Alisanne Maffei, State of Nevada
Mike Malik, State of Delaware
Ms. Theresa Ann Masse, State of Oregon
Mike Maxwell, Symantec
Mark McChesney, Commonwealth of Kentucky
Stuart McKee, Microsoft
Lynn McNulty, ISC(2)
Frank Morrow, Commonwealth of Pennsylvania
Barry Moultrie, L-3 STRATIS
Stephen Newell, IBM
Kym Patterson, State of Arkansas
Brendan M Peter, CA Technologies
Mark Reardon, State of Georgia
James A Richards, III, State of West Virginia
Charles Robb, Commonwealth of Kentucky
Doug Robinson, NASCIO
Michele Robinson, State of California
Stacy Roland, Verizon
Michael Roling, State of Missouri
Renault Ross, Symantec
Eric Simon, HP
John Skinner, Intel
Thomas Smith, State of New York
Deborah Snyder, State of New York
Cheryl Soderstrom, HP
Elaine A. Solomon, HP
Karen Sorady, State of New York
Tad Stahl, State of Indiana
Chris Stanley, State of New York
Elayne Starkey, State of Delaware
Srini Subramanian, Deloitte Consulting LLP
Kathleen Synstegaard, Datacard
Herb Thomas Thompson, State of Wisconsin
Lisa Thompson, NASCIO
Carlos Valarezo, Symantec
Madhvi Verma, Motorola Solutions
Meredith Ward, NASCIO
Kip Welty, Novell Inc.
Samantha Wenger, NASCIO
David Williams, State of West Virginia
Kent Woodruff, Motorola Solutions
Mr. Steven Scott Young, Motorola Solutions
Committee Publications
Capitals in the Clouds Part IV – Cloud Security: On Mission and Means
May 2012
This brief emphasizes the cultural and organizational aspects of cloud computing. “Cloud services” imply shared services. When agencies come together to share such a resource, they will necessarily have to evaluate the variance in the security policies in place across the partner agencies. Engaging external cloud services can be quite risky if such services have not been properly vetted by state security staff. Much education, awareness, and ongoing communication will be required to ensure state government employees are fully aware of the risks of external cloud services. The imperative for states is to stay connected and maintain the dialogue, sharing intentions and solutions, as state government moves forward with adoption of cloud services. Cloud is not the only solution or avenue for sharing resources. When it is the right solution, it must be employed with proper attention to the security aspects of cloud services, particularly with external cloud services.
The Heart of the Matter: A Core Services Taxonomy for State IT Security Programs
October 2011
To ensure that IT security remains robust in the current difficult budget environment, the National Association of State Chief Information Officers (NASCIO) has identified a taxonomy of core, critical IT security services to facilitate the analysis of requirements, sourcing options, and costs for delivering appropriate security. For each of the twelve services that were identified, the brief includes a description, a list of the key activities associated with the service, and a list of tools that commonly support service delivery.
State Cyber Security Resource Guide: Awareness, Education, and Training Initiatives
September 2011
For the 2011 observance of National Cyber Security Awareness Month, NASCIO has updated its Resource Guide for State Cyber Security Awareness, Education, and Training Initiatives. The guide includes new information from our state members, who provided examples of state awareness programs and initiatives. This is an additional resource of best-practice information, together with an interactive state map that allows users to drill down to the actual resources that states have developed or are using to promote cyber awareness. It includes contact information for the CISO, hyperlinks to state security and security awareness pages, and information describing cyber security awareness, training, and education initiatives.
The Resource Guide is a work-in-progress that should provide a valuable reference resource for Cyber Security Awareness Month, as well as the ongoing planning of security awareness and training efforts state programs may undertake thereafter.
Security at the Edge: Protecting Mobile Computing Devices
Part II: Policies on the Use of Personally Owned Smartphones in State Government
March 2010
Due to the pervasive use of personally owned smartphones in the U.S., practical concerns have arisen around state employee requests to use these devices for state business. The potential for security incidents and data breaches is a practical concern that state CIOs and CISOs must address when establishing security standards. While these devices make the work lives of employees less complicated, and perhaps reduce state IT acquisition costs, officials must once again face the classic dilemma of balancing risks and rewards. Policies on the Use of Personally Owned Smartphones in State Government highlights the trend toward states establishing security policies and standards for connecting personally owned smartphones to government networks.
For more information, please contact Charles Robb, NASCIO Senior Policy Analyst, at CRobb@amrms.com or (859) 514-9209.








