Citizen Advisory Boards and Commissions  
  Apply for a board position  
  Appointments by Month  

September Minutes


ITAC MEETING MINUTES
September 17, 2009

Attendees: Gloria McNeill, Niamh Darcy, Robert Michaud, Vass Johnson, Hank Cox, Dr. Marc Hoit

Wake County: Sean Fiene, Lib Wanner, John Higgins
Due to work schedules Reginald Brown, John Killebrew, Darryl McGraw, Teresa Justice and could not attend the meeting.

The meeting began at 9:05 a.m.

Lib Wanner welcomed everyone to the meeting and ensured that all members had received the proper documentation.

Lib was required to leave the meeting early, as other obligations had arisen.

John Higgins, IT Manager for Technical Infrastructure, introduced himself to the members of the committee, and the members introduced themselves, as this meeting was the first after the summer break.

Wake County Risk Assessment Guidebook and Tool
John Higgins opened the presentation with a brief history on what initiated the need for the development of a Risk Assessment framework for the County.

John briefly discussed the different standards-based frameworks available, overviewed pricing he had received to have a framework developed for the County, and discussed tools other government agencies were using for performing risk assessments. John stated that through this research he believed the best tool for the County was an Excel template provided by the Security Architect at the Wake County Public School System. John detailed that this recommendation was presented to the Wake County Information Risk Management Core Team (IRMCT) for approval at the July meeting and that the recommendation was approved by the IRMCT.

Next, John overviewed the risk assessment framework chosen by the County in detail, covering the various sections of the guidebook to give the ITAC members context for how Wake County will perform risk assessments.

Lastly, John Higgins gave an update on the current status of the EMS risk assessment. At this point John opened the discussion for questions. Vass Johnson asked John how he was able to decide who was needed for the project within the business unit and how to keep them involved in the whole process. John answered that when beginning the risk assessment for EMS he worked with the EMS department head, explaining the various aspects of a risk assessment, and asked the department head whom they would like to involve for the project. Once the members of the business unit were identified, John scheduled individual meetings with the risk assessment team (IS staff and business unit staff) to detail the risk assessment tools and to walk the team members through multiple threat/vulnerability scenario discussions to score the harm/probability ratings for the assets being assessed. He then turned the team members loose to complete their sections in the tool on their own.

Overview of Possible Meeting Topics for FY10
Due to time constraints, this agenda topic was agreed upon by the group to move to the next meeting.

Other Business
No new business to report.

The ITAC members thanked John for the presentation delivered, and John Higgins thanked the group for their input and participation.

Meeting adjourned at 9:55 a.m.