This report expands upon the themes and issues raised at a forum on Security and Critical Infrastructure Protection sponsored by the National Association of State Chief Information Officers (NASCIO). At the forum, held in November 2001, conference participants identified a series of actions designed to combat emerging cyber-threats to security and critical infrastructure. Subsequent to the Forum, NASCIO asked Don Heiman, former Chief Information Officer of the State of Kansas, to develop recommendations for improving public-sector information security.