RE: CRIME Computers vulnerable at Oregon department

From: Jerry Krummel (jerry@sage-inc.com)
Date: Wed Sep 25 2002 - 15:24:47 PDT

  • Next message: Andrew Plato: "RE: CRIME Computers vulnerable at Oregon department"

    RE: CRIME Computers vulnerable at Oregon departmentI decided after reading a
    few of these to jump in. I met last fall with the folks from DAS to discuss
    IT security issues and to show them the BRICKServer product. I do know the
    DAS IT folks talked about developing a lab to work on such issues to then
    make recommendations to the various agencies about security issues.  As a
    sales representative for SAGE I am disturbed about the State fails to take
    security issues seriously. With products like BRICKServer on the market, the
    cost does not have to be extraordinary.
     Now as a constituent I am concerned about my personal information being
    available to anyone who wants it. As a State Representative, I am pissed
    that people like Bobby Mink can get away with dumb statements such as the
    one credited to him by the Oregonian. First of all in the scope of things,
    he does not have to sacrifice services to people for IT security, they are
    different budget line items. Secondly, the State of Oregon has a
    responsibility to its clients to protect their personal information,
    thirdly, when it is the employees who are stealing from the taxpayer, they
    need to be hammered.
     It would be interesting to get a few of the IT people together to see what
    kind of solutions they would come up with and at what cost.
    
    Jerry Krummel (State Representative, HD 26)
    
    Jerry Krummel
    Senior Account Executive
    SAGE, Inc. Western Region
    30339 SW Thomas St., #803
    Wilsonville, OR 97070
    Tel: 503-682-3995; Cell: 503-936-6987
    Email: jerry@sage-inc.com
     www.sage-inc.com  www.thirdpig.com
    
    
      -----Original Message-----
      From: owner-crime@private [mailto:owner-crime@private]On Behalf Of
    BAIRD Dion E * DAS DOIT
      Sent: Tuesday, September 24, 2002 10:00 AM
      To: 'T. Kenji Sugahara'; 'Dion Baird'
      Cc: 'Shaun Savage'; 'CRIME'
      Subject: RE: CRIME Computers vulnerable at Oregon department
    
    
       Kenji,
    
        My personal opinion is that it would almost certainly need to be a new
    agency, BUT you could, and would almost certainly need to compose this new
    agency of existing agency personnel from the different existing agencies IT
    support people.  Politically this would almost certainly be the only
    feasible way to centralize and not step on too many toes.  At the same time,
    I think that maybe the head honcho should be an independent hire from
    corporate background, or someone without their own agenda in any case.
    
    
        I think that it's entirely possible if legislature mandates the matter
    based on the cost reduction of standardization and centralization alone.
    The problem is having someone in charge that will study the current
    situation of equipment and current personnel qualifications, and take ideas
    suggestions from the current IT organizations, this means the techs and not
    just the management.  Then be able to make a decision and have the ability
    to enforce it.
    
      Dion Baird
    
      -----Original Message-----
      From: T. Kenji Sugahara [mailto:sugahara@private]
      Sent: Tuesday, September 24, 2002 8:45 AM
      To: Dion Baird
      Cc: Shaun Savage; CRIME
      Subject: Re: CRIME Computers vulnerable at Oregon department
    
    
    
      Dion,
    
      I agree that centralized management would be beneficial.  The question
      is how to do it.
    
      Would you recommend a new agency that deals strictly with tech or
      delegate the function strictly to DAS (and thereby fold the other IT
      depts into the super DAS)?  Or do you think that would simply add to
      the bureaucracy and confusion?  I am assuming that there would be an
      initial resistance by agency management, but legislative combined with
      executive mandate could push things along.
    
      Kenji
    
    
    
      On Tuesday, September 24, 2002, at 08:34  AM, Dion Baird wrote:
    
      >   My perception of the problem as an IT specialist and a state
      > employee is that there is no centralization.  Each Department (i.e.
      > ODOT, HRS, DAS, etc.) calls their own shots as far as desktop and
      > server OS's, equipment, etc.  Only certain systems are centralized for
      > the entire state, and yes Shaun, most of those DO run open source OS.
      >
      >   Most big shops run MS desktop at least because it's easier to train
      > users on (most of them have Windows based systems in their home), and
      > for the most part, it's easier to find trained personnel, and also to
      > train personnel to support it.  Most of the server based stuff will be
      > a mixture of OS's.  For instance at DAS, we are mostly windows based
      > supporting a citrix environment, however we have a couple of large Sun
      > boxes and a Linux server or two.
      >
      >   The bottom line is that until all IT is centralized as least as far
      > as
      > management and command and control, it's going to be very difficult to
      > set any standards for OS's and equipment and put them in place.
      >
      > Dion Baird
      >
      >
    



    This archive was generated by hypermail 2b30 : Wed Sep 25 2002 - 16:44:32 PDT