MEETING MINUTES
State Information Technology Advisory Committee
Monday, December 15, 2008
1:00 – 4:30 PM
Bank of North Dakota, 1200 Memorial Highway, 2nd Floor Training Room (Room 201)
1:30 pm – 1:40 pm Welcome Lisa Feldner
Call to Order: The meeting was called to order by Lisa Feldner.
Members present:
Lisa Feldner - Information Technology Dept.
Eric Hardmeyer – Bank of North Dakota
Carol Olson – Dept. of Human Services
Maren Daley – Job Service
Arvy Smith – Dept. of Health
Sparb Collins – Public Employees Retirement
Tom Trenbeath – Office of Attorney General
Cory Fong – Tax Dept.
Sally Holewa – Supreme Court
Senator Rich Wardner – Legislative Assembly
Kurt Link – MDU Resources Group
Tim Horner representing -- Dept. of Transportation
Jim Silrum representing – Secretary of State
Members Absent:
Francis Ziegler – Dept. of Transportation
Alvin Jaeger – Secretary of State
Laura Glatt – University Systems
Pam Sharp – Office of Management and Budget
Bruce Furness – Workforce Safety & Insurance
Representative Bob Skarphol – Legislative Assembly
Craig Hewitt, MeritCare Health System
Guests Attending / Presenting:
Representative David Monson -- Legislative Assembly
Linda Belisle – ND Central Services Division
Joe Herslip – Bank of North Dakota
James Barnhardt – Bank of North Dakota
Rob Forward -- Workforce Safety & Insurance
Cher Thomas – Attorney General’s Office
Russ Buchholz -- Dept. of Transportation
Mike Ressler – Information Technology Dept.
Dan Sipes – Information Technology Dept.
Nancy Walz – Information Technology Dept.
Gary Vetter – Information Technology Dept.
Pat Forster – Information Technology Dept.
Jeff Quast – Information Technology Dept.
Jeff Swank – Information Technology Dept.
Mark Molesworth – Information Technology Dept.
Brandi Fagerland – Information Technology Dept.
Kevin Nosbusch – Information Technology Dept.
Eli Cornell – Information Technology Dept.
Art Bakke – Information Technology Dept.
1:40 pm – 1:55 pm IT Standards, Enterprise Architecture Study Updates & EPMO Standards
Cher Thomas
Mark Molesworth
Cher Thomas (Architecture Review Board Chair) provided an update on EA activity:
The future state of the Desktop Domain Team was modified slightly with housekeeping items. Lisa Feldner accepted a motion from Eric Hardmeyer, a second from Carol Olson, and a unanimous vote for approval.
EA Standards Presented:
• The online user authorization standard was changed to exclude local law enforcement officers as “public” entities.
• The standard and template for acceptable use of electronic communications devices were updated to include new technologies such as blogging, instant messaging, and hand-held devices.
• The access control standard was changed to enhance password requirements from 6-to-8 characters. Passwords also cannot be reused until after 24 other passwords have been created.
Lisa Feldner accepted a motion from Cory Fong, a second from Tom Trenbeath, and a unanimous vote for approval.
The PC life-cycle guideline was updated to address “Green IT” initiatives and the disposal of electronic equipment. Disposal strategies that are environmentally friendly are encouraged, including trade-in programs offered by vendors as they become available. Linda Belisle commented that a state-wide strategy is in place today that includes State Procurement. They are releasing an RFP this week that will address “e-waste”. They also assist underfunded schools and political subdivisions with acquiring state surplus.
EA Study Teams:
• Data-at-Rest team will address data security on portable devices (laptops, external hard-drives, etc.).
• Collaboration team will address software for wikis, blogs, electronic team-rooms, etc.
• Electronically Stored Information team will address e-discovery and records retention. They are looking first at business requirements/risks and then at appropriate technical solutions.
Mark Molesworth from the Enterprise Project Management Office presented an updated standard for review. It is designed to be the middle-ground between ND Century Code and the project management guidebook. Minimum requirements are clearly defined. A document repository, trained project manager, project startup report, scope variance reports, and project closeout report are now required on all large projects.
Lisa Feldner accepted a motion from Sally Holewa, a second from Eric Hardmeyer, and a unanimous vote from approval.
1:55 pm – 2:30 pm IT Planning Legislation Changes
Jeff Swank
Jeff Swank described potential legislative changes:
• Housekeeping
• Allow CIO to exempt entities from IT planning
• IT Plan due date changed from July 15th to August 15th
• Allow CIO to extend IT plan filing deadline
• Remove detailed list of content for IT plans
• Remove budget language
Operation, project, and budget information would be gathered from agencies using less onerous documentation. Lisa Feldner accepted a motion from Carol Olson, a second from Maren Daily, and a unanimous vote for a supporting resolution.
2:30 pm – 3:00 pm Cyber Security Presentation / ITD
Eli Cornell
Dan Sipes
Eli Cornell provided awareness on cyber-security. Most organizations allocate significant resources to strengthening their parameter, so attackers are now targeting application vulnerabilities. Cross-site scripting is the top security risk today; some sources predict that 85% of web-sites are at risk. Another 20% of applications are vulnerable to injection flaws.
As an end-user, the best protection is to patch your software, directly link to sites, and utilize browsers with “no script” plug-ins and cross-site scripting filters. Organizations can protect themselves by enhancing awareness/education and by implementing application firewalls, scanning tools, and a formal incident handling process.
3:00 pm – 3:15 pm Break
3:15 pm – 3:40 pm SharePoint Demo/Bank of ND Joe Herslip
James Barnhardt
Eric Hardmeyer outlined the business value of the BND intranet. Using SharePoint technologies, they have developed a site called “Synergy” that helps them to communicate within the Bank of North Dakota. James Barnhardt and Joe Herslip presented a live demonstration of the site.
Kevin Nosbusch is ITD’s product manager; he can assist agencies that are interested in learning more about SharePoint.
3:40 pm – 3:55 pm Agency Reports
Mark Molesworth
Rob Forward from Workforce Safety & Insurance reported on a new Medical Data Mining Solution. Using a $300,000 budget and a 2-year proof-of-concept, the project is designed to address medical fraud, abuse, and errors.
3:55 pm – 4:20 pm Highlight ITD’s 2009-11 Budget Request Mike Ressler
ITD’s 2009-11 core “operational” budget is $111,324,078 and includes 256 FTEs. Other programs, such as the K-12 network, the Longitudinal Data System, GIS, CJIS, EduTECH, the Center for Distance Education, and the Education Technology Council bring the total budget to $139,599,433 and 330.2 FTEs.
Twenty-three large IT projects were ranked by SITAC; fifteen were included in the Governor’s Budget.
4:20 pm – 4:30 pm Wrap-up
Lisa Feldner
No comments:
Post a Comment