Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

NASA appoints new information security chief

Former USDA IT official Valarie Burks is named space agency's new deputy CIO for IT security

NASA this week appointed Valarie Burks as its deputy CIO for Information Technology Security.

Burks replaces Jerry Davis, who left NASA last July to take over as the security chief at the Department of Veterans Affairs. NASA describes Burks as experienced in IT infrastructure development and management.

Burks was previously the associate CIO for cyber and privacy policy and oversight at the U.S. Department of Agriculture and was responsible for managing the department's governance, risk, crisis management and compliance functions. Burks is credited with developing and implementing a center of excellence for information security at the USDA.

Burks previously handled IT management functions at the White House Office of Management and Budget, Department of Commerce and the Government Accountability Office.

Burks' appointment to her new role is likely to be closely watched by security analysts.

Davis is credited with creating at NASA an operations-oriented information security, rather than one that focuses purely on maintaining compliance with the Federal Information Security Act (FISMA) standard.

Alan Paller, director of research at the SANS Institute, an organization that provides security training and certification services for many government organizations, said that NASA CIO Linda Cureton's is looking to Burks to continue that strategy.

"Cureton is just the second (federal CIO) to move an operations person who is also a good leader, into the top role," in information security, Paller said. The only other federal CIO to adopt such an approach is Roger Baker at the VA, he added.

"[Some] federal CIOs have awakened to the fact that their CISOs are compliance rather than operations people," Paller said. "They were getting reports instead of secure systems."

Some federal CISOs have proved somewhat inept at managing and improving security because of their focus on compliance management, he said. "All they [can] do is wave FISMA around and say 'you have to do this or that,'" Paller said.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: ASA, Department of Agriculture, NASA, Office of Management and Budget, SANS Institute

Comments

1

Jugs

Tue 18/01/2011 - 07:19

Compliance based management is bare bones - the OMB, Dept. of Commerce and GAO rarely follow their own advice. FISMA standards are based on original governmental needs as the need for security increases the standards must be improved. As someone who worked in Project Control and Oversight once said "If it's not a controled project than it's an oversight."

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: CIO role, government, Government use of IT, IT in Government, IT Leadership, it management, NASA, SANS Institute, security, U.S. Department of Agriculture
Latest Blog Posts
Whitepapers
  • Closing the print security gap - The market landscape for print security
    Today, many organisations continue to rely on printing to support business processes, particularly in the public sector, finance industry and legal profession. Whilst MFPs and printers have improved business productivity, they pose the same security risk as any networked device if left unprotected. With reported data breaches on the rise and growing industry and regulatory requirements around information security, businesses may suffer financial and reputational damage if they ignore the risks of unsecured printing. Read more.
    Learn more »
  • Five Things You Need to Know About Your Users Before You Deploy Business Intelligence
    In our years of experience working with companies of all types and sizes to design and deploy business intelligence systems, we’ve learned that there are five key things you need to know about your users before you roll out related technologies to them. In this paper, we will discuss these five things, as well as their implications.
    Learn more »
  • Seven SOA Practices to Unlock Business Value
    The fact is that companies are increasingly using SOA to gain competitive business advantage. Distilled down to seven essential SOA practices, the following list enables IT professionals to tightly align SOA investments with their organization’s business priorities. Using these practices can help with driving competitive advantage and adding measurable business value...and that’s a sure way for IT pros to win recognition and ongoing support within their companies.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments