Government Information Security Podcast

Navy CIO Robert Carey was among the first federal CIOs to embrace blogging as a way to keep in touch with his various constituencies, including officers and sailors. Carey believes steps can be taken to embrace new technologies while maintaining security. In this second of two parts of an exclusive interview, Carey discusses: Securing the new Navy-Marine intranet to debut next year; How the Navy employs social networking, though with some security restrictions; and Plans to implement secure cloud computing as a way to exploit technical efficincies. Carey joined the Navy's Office of CIO in 2000, regularly being elevated from e-business team leader, to director of the Smart Card Office, to deputy CIO for policy and integration to CIO. Previously, Carey served in a variety of engineering and program management leadership positions within the Navy's acquisition community in the undersea warfare domain. A 1982 graduate of the University of South Carolina with a BS in engineering, Carey earned a master of engineering management degree from George Washington University in 1995. As an active member of the Naval Reserve, he holds the rank of commander in the Civil Engineer Corps, Carey was recalled to duty for Operation Desert Storm and more recently as part of a Marine expeditionary force in Iraq's Al Anbar province.

Information Security is among the top priorities for departmental and agency chief information officers, and no one knows that better than Navy CIO Robert Carey, who carries the double duty of co-chairing the federal CIO Council's Committee on Information Security and Identity Management. In this first of two parts of an exclusive interview, Carey discusses: Information security initiatives being tackled by the CIO Council panel he co-chairs with Justice Department CIO Vance Hitch; How the Federal Information Security Management Act benefited government IT security; and Why he feels there's no need for a separate Chief Information Security Officer Council. Carey joined the Navy's Office of CIO in 2000, regularly being elevated from e-business team leader, to director of the Smart Card Office, to deputy CIO for policy and integration to CIO. Previously, Carey served in a variety of engineering and program management leadership positions within the Navy's acquisition community in the undersea warfare domain. A 1982 graduate of the University of South Carolina with a BS in engineering, Carey earned a master of engineering management degree from George Washington University in 1995. As an active member of the Naval Reserve, he holds the rank of commander in the Civil Engineer Corps, Carey was recalled to duty for Operation Desert Storm and more recently as part of a Marine expeditionary force in Iraq's Al Anbar province.

Information Security is among the top priorities for departmental and agency chief information officers, and no one knows that better than Navy CIO Robert Carey, who carries the double duty of co-chairing the federal CIO Council's Committee on Information Security and Identity Management. In this first of two parts of an exclusive interview, Carey discusses: Information security initiatives being tackled by the CIO Council panel he co-chairs with Justice Department CIO Vance Hitch; How the Federal Information Security Management Act benefited government IT security; and Why he feels there's no need for a separate Chief Information Security Officer Council. Carey joined the Navy's Office of CIO in 2000, regularly being elevated from e-business team leader, to director of the Smart Card Office, to deputy CIO for policy and integration to CIO. Previously, Carey served in a variety of engineering and program management leadership positions within the Navy's acquisition community in the undersea warfare domain. A 1982 graduate of the University of South Carolina with a BS in engineering, Carey earned a master of engineering management degree from George Washington University in 1995. As an active member of the Naval Reserve, he holds the rank of commander in the Civil Engineer Corps, Carey was recalled to duty for Operation Desert Storm and more recently as part of a Marine expeditionary force in Iraq's Al Anbar province.

"Knowledge is the currency of the future," says Sidney Pearl, Global Director of Enterprise Security Solution management for the Unisys Global Financial Services business. And according to the latest Unisys Security Index, Americans are getting much smarter - and more demanding - about the basic information security they expect from government and businesses. In an exclusive interview, Pearl discusses: Results of the latest Unisys Security Index; The security topics that mean the most to U.S. consumers; What these findings mean for government agencies and banking institutions. Pearl's Enterprise Security Solutions Management Group has worldwide responsibility for defining and managing the company's Fraud, Risk Management and Enterprise Security services offerings for the financial industry. Unisys provides Security Business Operations services and solutions to financial services clients in over 40 countries.

"Knowledge is the currency of the future," says Sidney Pearl, Global Director of Enterprise Security Solution management for the Unisys Global Financial Services business. And according to the latest Unisys Security Index, Americans are getting much smarter - and more demanding - about the basic information security they expect from government and businesses. In an exclusive interview, Pearl discusses: Results of the latest Unisys Security Index; The security topics that mean the most to U.S. consumers; What these findings mean for government agencies and banking institutions. Pearl's Enterprise Security Solutions Management Group has worldwide responsibility for defining and managing the company's Fraud, Risk Management and Enterprise Security services offerings for the financial industry. Unisys provides Security Business Operations services and solutions to financial services clients in over 40 countries.

It's a simple proposition for successful applicants to the Scholarship for Service (SFS) Program: Get your information security education paid for, and then come work for the U.S. government. "It's one of the most generous scholarships I've ever seen," says Victor Piotrowski, Lead Program Director of SFS for the National Science Foundation. In an exclusive interview, Piotrowski discusses: The origins of SFS; How students can apply; Where graduates are finding jobs. Before joining NSF, Piotrowski served as a Professor and Chair of the Computer Science Department at the University of Wisconsin. He previously held faculty positions at the North Dakota State University and at the Institute of Informatics in Poland. He has a 10-year experience in research, teaching and consulting in Information Assurance (IA) and holds several IA certifications including Certified Information Systems Security Professional and SANS Institute GIAC Incident Handler. He also serves on the SANS GIAC advisory board.

It's a simple proposition for successful applicants to the Scholarship for Service (SFS) Program: Get your information security education paid for, and then come work for the U.S. government. "It's one of the most generous scholarships I've ever seen," says Victor Piotrowski, Lead Program Director of SFS for the National Science Foundation. In an exclusive interview, Piotrowski discusses: The origins of SFS; How students can apply; Where graduates are finding jobs. Before joining NSF, Piotrowski served as a Professor and Chair of the Computer Science Department at the University of Wisconsin. He previously held faculty positions at the North Dakota State University and at the Institute of Informatics in Poland. He has a 10-year experience in research, teaching and consulting in Information Assurance (IA) and holds several IA certifications including Certified Information Systems Security Professional and SANS Institute GIAC Incident Handler. He also serves on the SANS GIAC advisory board.

From the Heartland data breach to the new Massachusetts data protection law, privacy is the hot topic in business and government. In an exclusive interview, Peter Kosmala, assistant director of the International Association of Privacy Professionals (IAPP), discusses: The top privacy topics in business and government; How organizations are tackling these issues; The potential impact of state and federal privacy legislation; The value of the Certified Information Privacy Professional (CIPP) credential. Kosmala oversees product management for the IAPP with specific oversight of distance learning products, privacy certifications and industry awards programs. He also manages business development efforts between the IAPP and peer organizations in the information security, information auditing and legal compliance arenas as well as organizations based in the Asia-Pacific region. The IAPP, based in York, Maine, was founded in 2000 with a mission to define, promote and improve the privacy profession globally.

From the Heartland data breach to the new Massachusetts data protection law, privacy is the hot topic in business and government. In an exclusive interview, Peter Kosmala, assistant director of the International Association of Privacy Professionals (IAPP), discusses: The top privacy topics in business and government; How organizations are tackling these issues; The potential impact of state and federal privacy legislation; The value of the Certified Information Privacy Professional (CIPP) credential. Kosmala oversees product management for the IAPP with specific oversight of distance learning products, privacy certifications and industry awards programs. He also manages business development efforts between the IAPP and peer organizations in the information security, information auditing and legal compliance arenas as well as organizations based in the Asia-Pacific region. The IAPP, based in York, Maine, was founded in 2000 with a mission to define, promote and improve the privacy profession globally.

Chief of Computer Security Division Describes New Challenges Computer scientists at the National Institute of Standards and Technology are actively working on a number of projects aimed at helping federal agencies secure their IT systems. Helping direct those projects is Curtis Barker, chief of the Computer Security Division at NIST's Information Technology Laboratory. The division provides standards needed to protect federal government information systems against threats to the confidentiality, integrity and availability of information and services. In an interview, Barker describes active projects underway in the division, including: Identifying information security processes that can be automated; Improving ways for federal information security managers to more easily identify controls NIST identifies as crucial to secure government IT; and Identifying the security challenges of Web 2.0 and cloud computing so federal agencies can safely implement these technologies. Barker has been at NIST for more than eight years, including the past three as division chief. At NIST, he previously headed its personal identity verification program. Before joining NIST, Barker spent 19 year in business holding a number of IT security and management jobs. Earlier in his career, he spent 11 years at the National Security Agency in a number of roles, including IT security analyst. Barker earned his bachelor degree from the University of Texas, Pan American, and master degree from Johns Hopkins University.

Chief of Computer Security Division Describes New Challenges Computer scientists at the National Institute of Standards and Technology are actively working on a number of projects aimed at helping federal agencies secure their IT systems. Helping direct those projects is Curtis Barker, chief of the Computer Security Division at NIST's Information Technology Laboratory. The division provides standards needed to protect federal government information systems against threats to the confidentiality, integrity and availability of information and services. In an interview, Barker describes active projects underway in the division, including: Identifying information security processes that can be automated; Improving ways for federal information security managers to more easily identify controls NIST identifies as crucial to secure government IT; and Identifying the security challenges of Web 2.0 and cloud computing so federal agencies can safely implement these technologies. Barker has been at NIST for more than eight years, including the past three as division chief. At NIST, he previously headed its personal identity verification program. Before joining NIST, Barker spent 19 year in business holding a number of IT security and management jobs. Earlier in his career, he spent 11 years at the National Security Agency in a number of roles, including IT security analyst. Barker earned his bachelor degree from the University of Texas, Pan American, and master degree from Johns Hopkins University.

Activity at the State Level Points Toward a Federal Data Breach Notification Law Data privacy legislation -- the trend started in California and is being discussed heatedly in Massachusetts today. Data breach notification and privacy laws have now been enacted in 40 separate states, and government observers think we're close to seeing federal legislation proposed. In an exclusive interview, Randy Sabett, a noted privacy/information security attorney, discusses: Trends in state data privacy legislation; What these laws mean to businesses; The Obama Administration's approach to data privacy; Trends to keep an eye on throughout 2009. Randy V. Sabett, CISSP, is a partner in the Washington, D.C. office of Sonnenschein Nath & Rosenthal LLP, where he is a member of the Internet, Communications & Data Protection Practice. He counsels clients on information security, privacy, IT licensing, and patents, dealing with such issues as Public Key Infrastructure (PKI), digital and electronic signatures, federated identity, HIPAA, Gramm-Leach-Bliley, Sarbanes-Oxley, state and federal information security and privacy laws, identity theft and security breaches. He served as a Commissioner for the Commission on Cyber Security for the 44th Presidency.

Activity at the State Level Points Toward a Federal Data Breach Notification Law Data privacy legislation -- the trend started in California and is being discussed heatedly in Massachusetts today. Data breach notification and privacy laws have now been enacted in 40 separate states, and government observers think we're close to seeing federal legislation proposed. In an exclusive interview, Randy Sabett, a noted privacy/information security attorney, discusses: Trends in state data privacy legislation; What these laws mean to businesses; The Obama Administration's approach to data privacy; Trends to keep an eye on throughout 2009. Randy V. Sabett, CISSP, is a partner in the Washington, D.C. office of Sonnenschein Nath & Rosenthal LLP, where he is a member of the Internet, Communications & Data Protection Practice. He counsels clients on information security, privacy, IT licensing, and patents, dealing with such issues as Public Key Infrastructure (PKI), digital and electronic signatures, federated identity, HIPAA, Gramm-Leach-Bliley, Sarbanes-Oxley, state and federal information security and privacy laws, identity theft and security breaches. He served as a Commissioner for the Commission on Cyber Security for the 44th Presidency.

The Information Resources Management College isn't your father's or mother's graduate school. Part of the National Defense University, run by the Defense Department and based at Fort McNair in Washington, D.C., IRMC offers graduate-level courses to government employees working in civilian and defense agencies in 10 programs, including its fastest growing, information assurance. In this interview, college Director Robert Childs and faculty members Robert Young and Stephen Mancini discuss: What government information security professionals can get out of the college to help advance their careers. The unusual background of some of its faculty. How the college will align its future courses with the information security goals of the Obama administration. Robert Childs was named head of the Information Resources Management College in 1999. He established Centers of Excellence for Education in E-government and Information Assurance while expanding the number of institutions offering cooperative masters and doctoral degrees and increasing international and industry participation in programs. Robert "Rocky" Young has been a professor at the college since 2002. Young spent 21 years in the Air Force and is a certified physician's assistant who continues to practice medicine. He has presented widely on information assurance issues in healthcare, challenges related to wireless networks, cyber security and network and systems security principles, safeguards, and practices. Stephen Mancini is an active-duty Air Force captain who has performed key analysis on a variety of intelligence, surveillance and risk assessment projects for the Air Force Chief of Staff. His expertise is in critical infrastructure protection, information assurance and security and information operations and warfare.

The Information Resources Management College isn't your father's or mother's graduate school. Part of the National Defense University, run by the Defense Department and based at Fort McNair in Washington, D.C., IRMC offers graduate-level courses to government employees working in civilian and defense agencies in 10 programs, including its fastest growing, information assurance. In this interview, college Director Robert Childs and faculty members Robert Young and Stephen Mancini discuss: What government information security professionals can get out of the college to help advance their careers. The unusual background of some of its faculty. How the college will align its future courses with the information security goals of the Obama administration. Robert Childs was named head of the Information Resources Management College in 1999. He established Centers of Excellence for Education in E-government and Information Assurance while expanding the number of institutions offering cooperative masters and doctoral degrees and increasing international and industry participation in programs. Robert "Rocky" Young has been a professor at the college since 2002. Young spent 21 years in the Air Force and is a certified physician's assistant who continues to practice medicine. He has presented widely on information assurance issues in healthcare, challenges related to wireless networks, cyber security and network and systems security principles, safeguards, and practices. Stephen Mancini is an active-duty Air Force captain who has performed key analysis on a variety of intelligence, surveillance and risk assessment projects for the Air Force Chief of Staff. His expertise is in critical infrastructure protection, information assurance and security and information operations and warfare.