North Carolina Chief Information Security Officer Recognized

Ann Garrett named Information Security Executive of the Year 2004

December 14, 2004
Ann Garrett, North Carolina CISO
At a recent awards ceremony in Washington, D.C., the Computer Security Institute and the Executive Alliance named North Carolina's Chief Information Security Officer (CISO), Ann Garrett, Information Security Executive of the Year for 2004. The national award "honors exemplary achievement and excellence in managing enterprise-wide information and network security systems," according to the sponsors.

Ms. Garrett, who has held her position at the Office of Information Technology Services since 1999, was one of 250 nominees from across the country. Others nominated for the award were Ed Amoroso, the chief security officer of AT&T, Jane Scott Norris, Chief Information Security Officer of the State Department, and William C. Boni, Vice President and Chief Security Officer for Motorola Information Protection Services.

North Carolina's CIO George Bakolia said Garrett leads a strong team of professionals that protects the state's network. "The award recognizes her dedication to improving information technology throughout state government."

Nominees for the Information Security Executive of the Year for 2004 were required to be members of senior management primarily responsible for the information security performance of the company or organization, to have a proven track record of information security leadership and of promoting a security vision that supports the organization's strategy, and to be someone who creates positive and rewarding work environments for employees.

Garrett, who has held her position at the Office of Information Technology Services since 1999, has been a driving force behind North Carolina's statewide security initiatives. When she arrived, the state had few security policies to guide technology development and had done little to develop standards. In 1999, she established the Information Security Office (NCISO) and immediately began implementing a long-range plan to centralize security functions. She first secured the cooperation of agencies across the executive branch, then proceeded to develop a statewide incident response procedure and a comprehensive security awareness program.

In 2001, Garrett worked with the General Assembly to adopt legislation that mandates statewide information security standards and requires each agency to appoint a security liaison who can work with NCISO staff on issues of mutual concern and communicate security threats effectively to agency staff. She developed training programs for these liaisons and established a security portal where the liaisons can access research and policy. The security portal also serves as a communication tool when threats to the network arise. The portal can broadcast potential problems and their resolutions, if applicable, in a safe and secure fashion.

In 2003, at the General Assembly's direction, Garrett undertook an information security assessment of the executive branch agencies to determine the level of compliance with state standards and industry best practices. The assessments provided a clear view of the current information security posture for the state and a basis on which to fund new information technology projects. The assessment has allowed the state to embark upon statewide improvements that reduce costs across the board while improving information technology security.

As of May of 2004, Garrett completed the assessment mandated by the General Assembly in March of 2003 and submitted the results to the state's CIO for presentation to the Assembly and implementation.