look at the entire commonwealth, it can be overwhelming."
Technology alone doesn't enhance security. People also do, which is where the peer-to-peer sphere comes in. This area is all about sharing the wealth -- knowledge, training and experiences -- through three groups: the Commonwealth Information Security Council, the Information Security Officers Advisory Group and the Information Security Orientation program. They're go-to zones for personnel looking to gain some security IQ.
The Information Security Officers Advisory Group is a monthly meet-up for top security officials. The group was originally meant to influence government IT projects and policy, but membership grew too large, with 100 to 150 people chiming in. Today state information security officers use the group to share information about emerging security trends, technologies and occurrences that could affect local IT.
The Information Security Council is much smaller, with roughly 12 representatives from universities and every branch of state government, including local governments, who meet monthly. This group zeroes in on policy and strategic directions that affect security.
Participants in the Information Security Orientation program learn security strategies that will make their agencies compliant with state standards.
The sphere also includes orientation and training for new information security officers. This training is open to other personnel who want to learn about compliance.
Spreading the Word
The changes brought forth by the interlocking spheres project aren't only evident in the back-end data center and networks. Changes also are apparent on the VITA Web site.
The information security incident reporting form allows state personnel to inform VITA about anything from site defacements and viruses to inappropriate use of technology and hacks. This reporting structure complies with a crucial requirement: Executive branch agencies must report these issues to the CIO within 24 hours of when they were discovered or should have been discovered.
"That form is one of the methods we use for our agencies to communicate to us that an incident has occurred," Green said, "and the mission of that form is to activate our incident response team."
VITA also helps government workers and citizens practice good computer hygiene by offering tips and resources via the online Information Security Awareness Toolkit, a site with information and software code for visitors to take if they wish. There's a video, posters, brochures, a calendar, crossword puzzles and more -- all designed to plant the seeds of secure computing in the minds of those willing to be educated. The site's advice and links connect employees and the public to outside security resources, which is defined as part of the external sphere of interlocking security.
The toolkit was developed before the interlocking spheres project began, so these educational offerings will be fine-tuned, according to Nakita Albritton, who serves in as VITA's manager of information security and continuity of operations coordinator.
"There's going to be a section [geared] toward executive information security awareness," she said. "It'll include security articles that basically give a little snapshot of some of their responsibilities and standards. It'll have presentations in there, and as we find other ways of distributing information to them, we'll add those things."
The toolkit's YouTube video, The Duhs of Security, is a quirky 13-minute production that covers basic security steps that everyone should know. Actor Garet Chester's humorous narration features a bevy of celebrity impressions -- no doubt intended to save viewers from boredom -- as they're educated about the benefits of deleting mysterious e-mails and changing passwords. The video may need some updating: Some of Chester's characterizations, like one based on Peter Falk's portrayal of Lt. Columbo from decades past, may not register with modern audiences.