Government Information Security Podcast

As the first chief information security officer of Vermont, Kris Rowley's primary mission isn't to build an information security organization, but to create a culture of IT security and trust. In a state where many agencies operate their own independent information systems -- stovepipes, she calls them - encouraging agency heads and their IT staffs to adapt to new approaches proves to be a challenge, one she's willing to take on. "People have their own domains, and they're the lord of their domains, and that's where they feel comfortable," says Rowley, who's been on the job since last September. "Part of that is a trust issue, as well. There's now an office of CISO in the state, and that's new to people. That involves change, and as we all know, change is difficult." In an interview with GovInforSecurity.com Managing Editor Eric Chabrow, Rowley discusses how she plans to change old habits by fostering an information security culture in Vermont, as well as working to codify information assurance policies and