RE: CRIME Computers vulnerable at Oregon department

From: MAGEE Rob (Rob.Magee@ODE-EX1.ODE.STATE.OR.US)
Date: Tue Sep 24 2002 - 10:06:15 PDT

  • Next message: neil: "Re: CRIME Computers vulnerable at Oregon department"

    State agencies have so much inertia built up, for numerous reasons, in some
    cases outside pressure/mandates are the only effective means of moving the
    agency/Dept. in the direction of security.
    I am a Network Tech at the Dept. of Education. We supply network services
    and support for several agencies housed in our building (Public Service
    Building). In spite of the ongoing dialog with management concerning our
    woeful security practices and policies, management makes decisions based on
    as much convenience as they can get away with. 
    Since we rely on DAS for connection to the State backbone, and various
    services, when they demand that we meet certain minimum standards,
    management doesn't fight it too much.
    Likewise, since we happen to provide services to the Oregon Health Plan, we
    have to follow the guidelines for HIPAA. 
    There are Federal laws for securing the personal records of the underage
    students which we track.
    Without these constraints, our Dept would be at least as insecure as HRS.
    
    -----Original Message-----
    From: T. Kenji Sugahara [mailto:sugahara@private]
    Sent: Tuesday, September 24, 2002 8:45 AM
    To: Dion Baird
    Cc: Shaun Savage; CRIME
    Subject: Re: CRIME Computers vulnerable at Oregon department
    
    
    Dion,
    
    I agree that centralized management would be beneficial.  The question 
    is how to do it.
    
    Would you recommend a new agency that deals strictly with tech or 
    delegate the function strictly to DAS (and thereby fold the other IT 
    depts into the super DAS)?  Or do you think that would simply add to 
    the bureaucracy and confusion?  I am assuming that there would be an 
    initial resistance by agency management, but legislative combined with 
    executive mandate could push things along.
    
    Kenji
    
    
    On Tuesday, September 24, 2002, at 08:34  AM, Dion Baird wrote:
    
    >   My perception of the problem as an IT specialist and a state employee
    > is that there is no centralization.  Each Department (i.e. ODOT, HRS,
    > DAS, etc.) calls their own shots as far as desktop and server OS's,
    > equipment, etc.  Only certain systems are centralized for the entire
    > state, and yes Shaun, most of those DO run open source OS.
    >
    >   Most big shops run MS desktop at least because it's easier to train
    > users on (most of them have Windows based systems in their home), and
    > for the most part, it's easier to find trained personnel, and also to
    > train personnel to support it.  Most of the server based stuff will be 
    > a
    > mixture of OS's.  For instance at DAS, we are mostly windows based
    > supporting a citrix environment, however we have a couple of large Sun
    > boxes and a Linux server or two.
    >
    >   The bottom line is that until all IT is centralized as least as far 
    > as
    > management and command and control, it's going to be very difficult to
    > set any standards for OS's and equipment and put them in place.
    >
    > Dion Baird
    >
    >
    



    This archive was generated by hypermail 2b30 : Tue Sep 24 2002 - 10:36:19 PDT