Information security programs in the public sector are required to overcome substantial, unique difficulties, in addition to addressing the same challenges faced by their counterparts in the private sector. Statewide public-sector information security programs must be broad enough to address control sets from myriad regulatory requirements, properly and effectively secure a wide range of data types, support the business processes and workflows of dozens of agencies (each with their own mandates and requirements), and adapt to the changes in direction and priority that a regular election cycle may bring.