COMMITTEES | Security & Privacy Committee
- About | Roster | Publications | Links
About the Committee
Committee Charge (2009-10 Program Year):This committee's charge is to support NASCIO’s strategic objective of protecting the information technology infrastructure of the twenty-first century. To preserve government’s ability to serve citizens, State CIOs must help protect state IT systems and services, while preserving the privacy of personal and sensitive information within those systems. State governments meet this obligation in the context of the larger IT network that interconnects state, local, and federal systems and allows direct citizen interaction with government programs and services through the Internet. A major focus is integration and coordination of federal, state, local government and private sector efforts that further national cyber security agenda.
The committee focuses on the intersection between security and privacy to help State CIOs formulate high-level security and data protection policies and technical controls to secure the states information systems and protect the personal and sensitive information within them. The committee monitors new security and privacy threats created by emerging technologies, as well as federal privacy and security legislation for collateral impact on the states. The committee fulfills NASCIO’s goals of strengthening State CIOs awareness of important IT issues and promoting the sharing of best practices, experiences and expertise.
Potential topics and/or deliverables to be addressed in the program year include but are not limited to:
- Cloud Computing – security implications of cloud computing
- National Incident Response Plan
- Consensus Audit Guidelines
- Identity and Access Management
- Web 2.0 / Social media security
- Virtualization – protecting virtualized applications and data
- Wireless network security
- Promoting general IT security awareness and a better understanding of security requirements among the current IT workforce, state employees and contractors
- Other topics as needed
- All-state conference calls, webinars or briefing by IT security experts
Committee Roster
Co-Chair:Joe Fleckinger, State of Oklahoma |
Co-Chair:Michael W Locatis, State of Colorado |
|
Daren Arnold, State of Ohio Chris Bennett, District of Columbia Chris Buse, State of Minnesota Trent Carpenter, State of Michigan Todd Crosby, State of Hawaii Denise Cushaney, CDW-G Tim Davis, Oracle USA Inc Breck DeWitt, EMC Corporation James Doucette, NIC Anand Dubey, State of Alaska Brian Fuller, Deloitte Consulting LLP Rob Funk, INPUT Ann Garrett, State of North Carolina Jason Gunnoe, State of Tennessee Henry Horton, Accenture Christopher Ipsen, State of Nevada Tom Jarrett, LexisNexis Bob Kennedy, Compuware Corporation Larry G Kettlewell, State of Kansas Agnes Kirk, State of Washington Cliff Koch, Novell Inc David N Kroening, State of New York Mike Lettman, State of Wisconsin Sanjay Macwan, AT&T Alisanne Maffei, State of Nevada Theresa Masse, State of Oregon |
Mike Maxwell, Symantec Corporation Mark McChesney, Commonwealth of Kentucky Lynn McNulty, ISC2 Stephen Newell, IBM Ken Ontko, State of Oklahoma Kym Patterson, State of Arkansas William Perez, State of Texas Jim A Richards, State of West Virginia Caroline Rinker, Juniper Networks Michael Roling, State of Missouri Carter Schoenberg, Motorola Richard Smothermon, Commonwealth of Kentucky Tad Stahl, State of Indiana Samantha Stamper, State of West Virginia Elayne Starkey, State of Delaware Knute Steel, BDNA Srini Subramanian, Deloitte Consulting LLP David Taylor, State of Florida Tony Tortorice, State of Washington Kimberly Trapani, State of Ohio David Tucker, State of Vermont Blaine Vajda, Guidance Software Inc Carlos Valarezo, Symantec Corporation Mark Weatherford, State of California Kip Welty, Novell Inc |
NASCIO State Member Alert!
Background on the NIPP:The IT SSP supports the overall NIPP that provides a unifying structure for the integration of critical infrastructures and key resources protection efforts into a single program. The NIPP identifies 17 sectors, including IT, energy, transportation, telecommunications, commercial facilities and banking and finance.
Committee Publications
Resource Guide for State Cyber Security Awareness, Education, and Training InitiativesSeptember 2009
For the observance of the sixth annual National Cyber Security Awareness Month, NASCIO has created a Resource Guide of examples of state awareness programs and initiatives. The compendium augments previously gathered information with data from a just-completed, short survey of state CISOs. It includes links to state security awareness pages, contact information for state CISOs, and information describing cyber security awareness, training, and education initiatives that target four categories: Executives/Elected Officials; Citizens; State Workers; and IT Security Personnel.
The Resource Guide is a work-in-progress that should provide a valuable reference resource for Cyber Security Awareness Month, as well as the ongoing planning of security awareness and training efforts state programs may undertake thereafter.
Security at the Edge — Protecting Mobile
Computing Devices
July 2009
The business of government is increasingly conducted or supported by mobile computing devices as states adopt these tools to un-tether traditional office workers from their desks or employ them for a wide variety of purposes in the field. Use of mobile devices is so widespread that it is difficult to imagine how state governments can operate without them, given their increased computing power and the ease with which they may be integrated with state networks and databases via the Internet. At the same time, however, mobile devices are unusually vulnerable to loss, theft, mis-use, or misconfiguration, which can and does lead to the loss of sensitive data. Security at the Edge highlights the risks associated with uncontrolled use of mobile devices, and targets the standards and procedural controls that allow state CIOs to better secure them.
For more information, please contact Charles Robb, NASCIO Issues Coordinator, at CRobb@amrms.com or (859) 514-9209.
