State of Montana Information Technology Managers Advisory Council
Council Business Meeting
August 7, 2013, 1:00-3:30, Room 152, State Capitol

Welcome and Introductions (1:00-1:05) - Joe Frohlich, Past Chair

Information Sharing (1:05-1:10)
  Order Continuing the Managers Advisory Council Members - Past Chair
  Announcement of new/elected Council Members - Past Chair

Business (1:10-2:00)
  Operating Procedures Discussion - Past Chair
    o Action Item: Adopt August 2013 Procedures
  LGIT Update - Joe Frohlich
  Strategic Planning - Kyle Hilmer/Gartner Representative

Break (2:00-2:20)

Business (2:20-3:20)
  Electronic Records Management Status Update - Anita Bangert
  Information Technology Conference - Penne Cross
  Data Protection Initiative/HB10 - Lynne Pizzini
  June/July Incident Reports - Lynne Pizzini
  Mobile Device Management - Lynne Pizzini
  Policy Update - Lynne Pizzini

Standing Agenda Items (3:20-3:25)
  Posted Reports
  Member Forum
  Public Comment

Adjournment (3:25-3:30)
  Next Meeting: September 4
  Adjourn

Parking Lot
  Communication Plan

Notice: The Department of Administration will make reasonable accommodations for persons with disabilities who wish to participate in the ITMC's public meetings or need an alternative accessible format of this notice. If you require an accommodation, contact the Department of Administration no later than six business days prior to the meeting of interest, to advise us of the nature of the accommodation that you need. Please contact Julie Kriedeman at (406) 444-4616, or email jkriedeman@mt.gov
Information Technology Managers Advisory Council (ITMC) Operating Procedures
August 2013

OVERVIEW:
The State of Montana Information Technology Managers Advisory Council (ITMC), herein referred to as the Council, was established in 1997 at the direction of the Director of the Department of Administration. The Council serves at the pleasure of the Governor and the Director of the Department of Administration. The Council is advisory in nature as per MCA 2-15-102: "Advisory capacity" means furnishing advice, gathering information, making recommendations, and performing other activities that may be necessary to comply with federal funding requirements and does not mean administering a program or function or setting policy.

Until 2007, the Council was an open-ended body with a representative from each state agency. Now the Council consists of up to nine IT professionals, including a chair, past chair, vice chair, up to five at-large members, and the State CIO. These members are appointed in June of each year for the ensuing fiscal year. The ITMC will suggest to the Director of the Department of Administration a slate of individuals as the members of the ITMC for the coming fiscal year. The Director of the Department of Administration will make the final appointment with the concurrence of the Governor.

Responsibilities of the Council:
The Council exists to provide advice to the Department of Administration, State Information Technology Services Division, herein referred to as SITSD, concerning the technology needs of state agencies on a wide range of technological issues within state government.
In striving to provide suitable advice to the Department, the Council may undertake the following activities:
  - gather information, review opportunities, review issues and provide advice to the State CIO;
  - actively support planning and governance efforts of the Information Technology Board;
  - actively participate in enterprise information technology policy and standards review processes;
  - actively participate in state and agency IT strategic plan development, implementation, measurement and continual improvement;
  - meet regularly to provide an opportunity for free exchange among information technology professionals on subjects of common interest and concern; and
  - provide a forum for maintenance of the state's technical staff resources through continuing education, career development, and sharing ideas and resources.

ITMC Procedures August 2013 1
MEMBERSHIP & PARTICIPATION:
The Council requests an extension each biennium per 2-15-122, MCA. Annually, the Council recommends a change in membership. IT professionals from state agencies and representative(s) of local government gather each June and nominate a slate of members to include the outgoing chair, a new chair (typically the previous vice-chair), and up to six at-large members. The vice-chair is elected by the official Council members after their formal appointment to the Council for the upcoming year. Selection as Vice Chair is made with the understanding that the individual so selected will transition to Council Chair for the following year, and will remain on the Council for the next year as well, making this a three-year commitment. This slate of members will be forwarded to the Director of the Department of Administration for review and approval for the coming fiscal year. The CIO or their designee is automatically a member of the Council.

VOTING:
It should be noted that, given the advisory nature of the Council, votes indicate the degree of consensus, not an approval or denial of any item.

MEMBER PARTICIPATION:
Active participation is necessary for the Council to function effectively. Continuity is essential regarding issues under discussion, and especially for those needing affirmative action. Therefore, if a member has three absences during a fiscal year, the Council can, in consultation with the agency or institution's director, recommend replacement of the member in question.

SITSD PARTICIPATION:
It is anticipated that, upon request, portions of the general meetings will include presentations by members of the SITSD technical and policy staffs. SITSD will ensure that staff with technical knowledge of the issue(s) are available at Council meetings to share expertise.

COMMUNICATIONS:
The Council shall communicate with SITSD, the Information Technology Board and other entities through the Chair, or as delegated by the Chair.
Members are encouraged to contact the Chair with suggested agenda items. Items requiring Council action will be noted on the agenda. Official correspondence will be distributed at the discretion of the Chair, or the Acting Chair, with the assistance of SITSD Council support staff. Action items or issues for future discussion will be noted by support staff, and coordinated with the Chair for future agendas. Minutes of the Council meetings will be provided to all Council members and interested IT professionals. They will be published on the SITSD web site.

MEETINGS:
The Council's regular meetings are held on the first Wednesday of every month and are open to all. IT professionals from federal, state, local, and tribal governments, and private entities are invited and encouraged to join in discussing topics of interest to the IT community.

STAFFING:
SITSD provides staffing support to the Council. Such staffing consists of a Business/Technology Analyst and one individual providing administrative support. Council staffing support includes participating in building meeting agendas for monthly Council meetings, coordinating meeting times and rooms, taking minutes, distributing correspondence, and responding to the ad hoc needs of the Council. SITSD will also provide technical resources for assigned subcommittees as requested by the Council Chair.

EFFECTIVE:
These procedures will become effective upon approval at the August 2013 meeting. They will remain in effect commensurate with the Executive Order that establishes the Council.
Reporting to ITMC

Information Owner Name: Irv Vavruska
Organization & Work Unit: DOA/SITSD/Enterprise Support Bureau/Desktop Services
Phone: 444-6870
Email: ivavruska@mt.gov
Website (if applicable):
Type: Information / Informational Issue / Action Needed / Other:
Name of Service, Program, Project or Issue: New Service -- Microsoft SCCM Endpoint Protection

Description:
As you know, the State of Montana is moving from the Nod32 Anti-virus application to Microsoft's Endpoint Protection. In an effort to provide efficiencies and ease of migration, SITSD is offering a service to assist agencies in this move. As some agencies have discovered, SCCM can be a complicated product and requires some knowledge and training before it can be implemented. We have also discovered that an SCCM server can support up to 100,000 devices. With this in mind, SITSD is offering the following to an agency that would like SITSD to roll out Endpoint Protection:
  - Roll out the SCCM agent to agency devices
  - Configure Endpoint Protection with the agency-defined options
  - Remove ESET Nod32 from agency devices
  - Provide annual updates to the devices

For an agency with fewer than 100 devices, the cost would be $489.83. This charge would show up on the SITSD invoice as SCCM Support. For an agency with more than 100 devices, there would be additional charges depending upon the time needed for implementation. SITSD would be willing to provide an estimate for an agency with more than 100 devices that is interested in this service. Along with this service, access to the SCCM console would be provided to the agency technical staff to monitor desktops, run reports, etc. If your agency is interested in this service, please call our Service Desk at 444-2000.

Impact:
Key Dates:
Other information and list any attachments:
Data Protection Initiative
Information Technology Managers Council
August 7, 2013

Presented by: Lynne Pizzini, CISSP, CISM, CIPP
Chief Information Security Officer
State Information Technology Services Division
444-9127
lpizzini@mt.gov

Overview
1. User Access Control and Verification
2. Statewide Risk Assessment and Penetration Testing
3. Statewide Training and Awareness Program
4. Chief Information Security Officer
5. Network Compartmentalization
USER ACCESS CONTROL AND VERIFICATION

User Access Control and Verification
  - A system that ties various login and authorization systems together into a unified whole.
  - Establishes an enterprise data protection system that helps to address cyber threats and reduces the ability of cyber attackers to gain access by providing multifactor authentication.
  - Ability to integrate various agency systems together to exchange and manage data.
User Access Control and Verification - Phase 1
  - Initial installation and configuration of identity synchronization software and connecting to enterprise identity stores and services.
  - This ties to the decision made by ITMC in January 2012 that leverages Active Directory as the authentication and authorization directory of choice. Based on this position, our best option is to use our Microsoft enterprise agreement and move forward with the implementation of FIM.
  - Includes self-service password reset.
  - Governance of structure and gold source of data.

User Access Control and Verification - Phase 2
  - Installation and configuration of verification of users by use of multi-factor authentication and improved identity life cycle processes.
  - Processes established.

Phase 3
  - Bridging other agency identity stores with the enterprise identity synchronization software.
  - Framework will be established.
  - Processes will be integrated.
User Access Control and Verification - Timeline
  - Phase 1: 12-18 months beginning in October. Preliminary work is currently being completed, with kickoff in October.
  - Phase 2: 6-10 months; agency participation for purchase of multi-factor authentication.
  - Phase 3: 12-18 months; agency participation for different integration pieces.

User Access Control and Verification - Governance
Team consisting of 9 members:
  - 4 appointed by ITMC to represent all agencies
  - 2 from DOA: HR Division Administrator and Chief Legal Counsel
  - 3 from SITSD: CIO, CTO, CISO
Responsible for review and recommendations concerning policy statements, program stewardship, strategic planning, and reviewing agency business requirements/requests.
STATEWIDE RISK ASSESSMENT AND PENETRATION TESTING

Risk Assessment and Penetration Testing
  - Conducted by a third party. Use of state contract.
  - Highlight vulnerabilities and generate requirements for improving security.
  - Generate proposal for next legislative session to improve security for the State of Montana.
Risk Assessment and Penetration Testing - Timeline
  - Currently collecting requirements.
  - Will do a bid process and do SOW.
  - Anticipate having agreement with vendor to begin assessment in March 2014.

STATEWIDE TRAINING AND AWARENESS
Statewide Training and Awareness
  - Was not included in recent HB10 legislation.
  - New web site being made available.
  - Multiple levels of training:
      New employee
      Annual regular employee
      Technical training
      Managerial training
  - Made available September 1st.
  - Annual training is Governor-mandated for all executive branch employees.

CHIEF INFORMATION SECURITY OFFICER
Chief Information Security Officer
  - Was not included in recent HB10 legislation.
  - Position created in April 2013.
  - Provide leadership, standards, policies, and oversight for a state information security program.
  - Management of statewide security risks that impact all of state government.

NETWORK COMPARTMENTALIZATION
Compartmentalization of the Network
  - Was not included in recent HB10 legislation.
  - Limit access to individual agency systems to provide security where needed.
  - Only allow authorized users access to the network layer of systems.

ANY QUESTIONS?