COMMITTEES   |   Security & Privacy Committee

About the Committee

Issue Statement: To preserve government's ability to serve citizens, state CIOs must help protect state IT systems and services, while preserving the privacy of personal and sensitive information within those systems. State governments meet this obligation in the context of the larger IT network that interconnects state, local, and federal systems and allows direct citizen interaction with government programs and services through the Internet. A major focus is integration and coordination of federal, state, local government, and private sector efforts that further a national cyber security agenda.

Goals and Objectives: Support NASCIO's strategic objective of protecting the information technology infrastructure of the twenty-first century.

The committee focuses on the intersection between security and privacy to help state CIOs formulate high-level security and data protection policies and technical controls to secure the states' information systems and protect the personal and sensitive information within them. The committee monitors new security and privacy threats created by emerging technologies, as well as federal privacy and security legislation for collateral impact on the states. The committee fulfills NASCIO's goals of strengthening state CIOs' awareness of important IT issues and promoting the sharing of best practices, experiences and expertise.

Staff contact: Meredith Ward
Phone: (859) 514-9209

Committee Roster

Michael Cockrill, State of Washington
Mark Raymond, State of Connecticut

Sue Adams, Commonwealth of Massachusetts
Cinnamon Albin, State of Oregon
Michael Aliperti, Center for Internet Security
Daren Arnold, State of Ohio
Kannan Arunachalam, Unisys
Troy Arwine, Microsoft
Erik Avakian, Commonwealth of Pennsylvania
Bharanedaran Balasubramanian, Deloitte Consulting LLP
David Ballard, CenturyLink
Vik Bansal, Deloitte Consulting LLP
David Bear, CenturyLink
Chris Bennett, District of Columbia
Michael Berman, Datacard
Tim Blevins, CGI Technologies & Solutions Inc.
Claudia Boldman, Commonwealth of Massachusetts
Bret Brasso, FireEye
David Brown, State of Ohio
Gary Buonacorsi, EMC Corporation
Dana Burmaster, State of Wisconsin
Kevin Burns, Commonwealth of Massachusetts
Chris Buse, State of Minnesota
John Byers, State of Kansas
John Bys, Tripwire
Elizabeth Caldwell, MPA, State of New Jersey
David Carter, Commonwealth of Kentucky
Victor Chakravarty, State of Maine
Todd Crosby, State of Hawai'i
Justin Dew, HID Global
Rafael C Diaz, State of Illinois
Domenic S DiLullo, Accenture
Jack Doane, State of Alabama
James Doucette, NIC
Joe Ellington, HP
Julie Evans, Center for Internet Security
John Thomas Flynn, TechLeader.TV
Andy Ford, NIC
Mark Ford, Deloitte Consulting LLP
Crystal Fox, Commonwealth of Pennsylvania
Jeff Franklin, State of Iowa
Thomas Fruman, State of Georgia
Amy Glasscock, NASCIO
Tim Guerriero, State of Arizona
Tim Hastings, State of Utah
Rick Hedeman, EMC Corporation
Mitch Herckis, NASCIO
Anthony Hernandez, Grant Thornton LLP
Chris Hobbs, State of Nebraska
Chad Holmes, FireEye
Henry Horton,
Christopher Ipsen, State of Nevada
Jeff Irby, Unisys
Laura Iwan, Center for Internet Security
Cynthia Izzo, KPMG LLP
Jana M Jackson, ViON Corporation
Jack Johnson, Motorola Solutions
Agnes Kirk, State of Washington
Peter Kirkwood, MorphoTrust USA
James Knopka, AT&T
David N Kroening, State of New York
Paul Laurent, Oracle USA Inc.
Katrina LeMay, Commonwealth of Kentucky
Mike Lettman, State of Arizona
Samuel Loewner, MAXIMUS Inc.
Enoch Long, Splunk Inc.
Alisanne Maffei, State of Nevada
Mike Malik, State of Delaware
Mark McChesney, Commonwealth of Kentucky
Stuart McKee, Microsoft
Frank Morrow, Commonwealth of Pennsylvania
Sarah Morrow, State of South Carolina
Jessica Mueller, NASCIO
Robert A Myles, Symantec
Stephen Newell, IBM
Kirk Norsworthy, Xerox
Dean Papa, Symantec
Meghan Penning, NASCIO
Brendan M Peter, CA Technologies
Ted Pibil, Harford County, Maryland
Lynne Pizzini, State of Montana
Mark Reardon, State of Georgia
Pyreddy Reddy, State of North Carolina
James A Richards, III, State of West Virginia
Trace Ridpath, State of Colorado
Caroline Rinker, Symantec
Charles Robb, Commonwealth of Kentucky
Doug Robinson, NASCIO
Michele Robinson, State of California
Michael Roling, State of Missouri
Renault Ross, Symantec
Mike Russo, State of Florida
Eric Simon, HP
Deborah Snyder, State of New York
Elaine A. Solomon, HP
Karen Sorady, State of New York
Mark Spreitzer, CGI Technologies & Solutions Inc.
Tad Stahl, State of Indiana
Chris Stanley, State of New York
Elayne Starkey, State of Delaware
Srini Subramanian, Deloitte Consulting LLP
Kathleen Synstegaard, Datacard
Herb Thomas Thompson, State of Wisconsin
Lisa Thompson, NASCIO
Carlos Valarezo, Symantec
Marcos Vieyra, State of South Carolina
Meredith Ward, NASCIO
Kip Welty, Novell Inc.
David Williams, State of West Virginia
Mike Wyatt, Deloitte Consulting LLP
Mr. Chul Yim, FireEye

Committee Publications

Capitals in the Clouds Part IV – Cloud Security: On Mission and Means
May 2012
This brief emphasizes the cultural and organizational aspects of cloud computing. “Cloud services” imply shared services. When agencies come together to share such a resource, the variance in the security policies in place across the partner agencies will necessarily have to be evaluated. Engaging external cloud services can be quite risky if such services have not been properly vetted by state security staff. Much education, awareness, and ongoing communication will be required to ensure state government employees are fully aware of the risks of external cloud services. The imperative for states is to stay connected and maintain the dialogue, sharing intentions and solutions, as state government moves forward with adoption of cloud services. Cloud is not the only solution or avenue for sharing resources. When it is the right solution, it must be employed with proper attention to the security aspects of cloud services, particularly with external cloud services.

Capitals in the Clouds Part VI: Cloud Procurement: From Solicitation to Signing
April 2014

As first reported in the NASCIO/TechAmerica/Grant Thornton 2013 State CIO Survey, The Enterprise Imperative: Leading Through Governance, Portfolio Management, and Collaboration, states continue to turn to cloud solutions, with services such as email and storage remaining the most popular. 74% of respondents said that their state has some applications in the cloud. For several years now, NASCIO has discussed the transition in the state information technology environment as state CIOs sought new approaches to traditional delivery models. The recession prompted state leaders to examine new approaches and leverage technology opportunities. The use of cloud services by state government is the most obvious manifestation of this transition. In 2011, NASCIO launched its Capitals in the Clouds series on this topic. Three years later, states continue to investigate and to leverage cloud solutions, software as a service (SaaS) and infrastructure as a service, with services such as email and data storage remaining the most popular.

NASCIO Cybersecurity Awareness Resource Guide
September 2013

For the 2013 observance of National Cyber Security Awareness Month, NASCIO has updated its Resource Guide for State Cybersecurity Awareness, Education, and Training Initiatives. The guide includes new information from our state members, who provided examples of state awareness programs and initiatives. This is an additional resource of best-practice information, together with an interactive state map that lets users drill down to the actual resources that states have developed or are using to promote cyber awareness. It includes contact information for the CISO, hyperlinks to state security and security awareness pages, and information describing cybersecurity awareness, training, and education initiatives.

The Resource Guide is a work in progress that should provide a valuable reference for Cyber Security Awareness Month, as well as for the ongoing planning of security awareness and training efforts that state programs may undertake thereafter.

Capitals in the Clouds Part V: Advice from the Trenches on Managing the Risk of Free File Sharing Cloud Services
April 2013

Cloud-based file sharing solutions have become very popular and are certainly a growing and significant part of day-to-day computing. It is easy to see why these services are attractive to state government users after using them in many facets of their personal lives. With a wide variety of choices in the market, these solutions are easy to access, configure and use. They support multiple devices (especially mobile) and data in multiple formats. The most important consideration for state employee users: these file sharing services are free. Since the release of the 2012 NASCIO and Deloitte Cybersecurity Study, more security and policy questions have been raised on the use of free cloud services by states. In addition to the May 2012 Capitals in the Clouds IV guidance on rogue cloud users, states have continued to seek out leading practices on how to put the proper controls in place, meet security standards, craft acceptable use policies, and identify the open records and legal concerns regarding terms of service. This brief helps to provide real experience from the Commonwealth of Pennsylvania on free cloud services.

