State agencies have so much inertia built up, for numerous reasons, that in some cases outside pressure/mandates are the only effective means of moving the agency/Dept. in the direction of security.

I am a Network Tech at the Dept. of Education. We supply network services and support for several agencies housed in our building (Public Service Building). In spite of the ongoing dialog with management concerning our woeful security practices and policies, management makes decisions based on as much convenience as they can get away with.

Since we rely on DAS for connection to the State backbone, and various services, when they demand that we meet certain minimum standards, management doesn't fight it too much. Likewise, since we happen to provide services to the Oregon Health Plan, we have to follow the guidelines for HIPAA. There are Federal laws for securing the personal records of the underage students which we track. Without these constraints, our Dept. would be at least as insecure as HRS.

-----Original Message-----
From: T. Kenji Sugahara [mailto:sugahara@private]
Sent: Tuesday, September 24, 2002 8:45 AM
To: Dion Baird
Cc: Shaun Savage; CRIME
Subject: Re: CRIME Computers vulnerable at Oregon department

Dion,

I agree that centralized management would be beneficial. The question is how to do it. Would you recommend a new agency that deals strictly with tech or delegate the function strictly to DAS (and thereby fold the other IT depts into the super DAS)? Or do you think that would simply add to the bureaucracy and confusion?

I am assuming that there would be an initial resistance by agency management, but legislative combined with executive mandate could push things along.

Kenji

On Tuesday, September 24, 2002, at 08:34 AM, Dion Baird wrote:

> My perception of the problem as an IT specialist and a state employee
> is that there is no centralization. Each Department (i.e. ODOT, HRS,
> DAS, etc.) calls their own shots as far as desktop and server OS's,
> equipment, etc. Only certain systems are centralized for the entire
> state, and yes Shaun, most of those DO run open source OS.
>
> Most big shops run MS desktop at least because it's easier to train
> users on (most of them have Windows based systems in their home), and
> for the most part, it's easier to find trained personnel, and also to
> train personnel to support it. Most of the server based stuff will be
> a mixture of OS's. For instance at DAS, we are mostly Windows based
> supporting a Citrix environment, however we have a couple of large Sun
> boxes and a Linux server or two.
>
> The bottom line is that until all IT is centralized at least as far
> as management and command and control, it's going to be very difficult
> to set any standards for OS's and equipment and put them in place.
>
> Dion Baird

This archive was generated by hypermail 2b30 : Tue Sep 24 2002 - 10:36:19 PDT