Creating an IT Security Culture - Interview with Vermont CISO Kris Rowley
Published May 13, 2009
    Add to queue
    Copy URL
    Show notes
    As the first chief information security officer of Vermont, Kris Rowley's primary mission isn't to build an information security organization, but to create a culture of IT security and trust. In a state where many agencies operate their own independent information systems -- stovepipes, she calls them - encouraging agency heads and their IT staffs to adapt to new approaches proves to be a challenge, one she's willing to take on.

    "People have their own domains, and they're the lord of their domains, and that's where they feel comfortable," says Rowley, who's been on the job since last September. "Part of that is a trust issue, as well. There's now an office of CISO in the state, and that's new to people. That involves change, and as we all know, change is difficult."

    In an interview with Managing Editor Eric Chabrow, Rowley discusses how she plans to change old habits by fostering an information security culture in Vermont, as well as working to codify information assurance policies and procedures and looking to Washington for guidance and money.

    Rowley, in the interview, makes reference to the state of Vermont's website, aimed at educating citizens and government employees on information security. Click here to see that site.

        0:00:00 / 0:00:00