How Ohio Decided on NIST Framework

State CISO David Shaw on IT Security Standardization
Cobit, ITIL, ISO, NIST: an alphabet soup of standards governments often rely on to assure the safety of their IT systems. Ohio government IT leaders saw standardizing on one framework as a more efficient way to help safeguard IT. "When you boil them all down, there's a lot of consistency across the different standards, it still left us addressing them differently across the enterprise," David Shaw, Ohio state chief information security officer, says in an interview. Standardizing on NIST guidance, he said, also is "a consistent way of responding back to auditors as to what they should be seeing in our environments."

"We quickly came to the idea that NIST was probably the best framework for us as state government to adopt. And, a lot of that was focused around many of the agencies having to deal with federal requirements already around the NIST framework. Receiving federal funds, they were having to respond to federal auditors very much in a consistent way with the NIST framework."

In the interview with Eric Chabrow, Shaw also discusses how the:

  • CISO and chief privacy officer in the Ohio government collaborate.
  • Economy has an impact on IT security governance.
  • State will determine whether initiatives are successful.

Before becoming CISO, Shaw served as state deputy CISO. He began his government career in Ohio at the Department of Education, where he served as information security officer, assistant director of information policy and management, data manager, data center coordinator, professional conduct consultant and investigator.
