How Ohio Decided on NIST FrameworkState CISO David Shaw on IT Security Standardization
"We quickly came to the idea that NIST was probably the best framework for us as state government to adopt. And, a lot of that was focused around many of the agencies having to deal with federal requirements already around the NIST framework. Receiving federal funds, they were having to respond to federal auditors very much in a consistent way with the NIST framework."
In the interview, with GovInfoSecurity.com's Eric Chabrow, Shaw also discusses how the:
- CISO and chief privacy officer in the Ohio government collaborate.
- Economy has an impact on IT security governance.
- State will determine whether initiatives are successful.
Before becoming CISO, Shaw served as state deputy CISO. He began his government career in Ohio at the Department of Education, where he served as information security officer, assistant director of information policy and management, data manager, data center coordinator, professional conduct consultant and investigator.