RE: CRIME Computers vulnerable at Oregon departmentI decided after reading a few of these to jump in. I met last fall with the folks from DAS to discuss IT security issues and to show them the BRICKServer product. I do know the DAS IT folks talked about developing a lab to work on such issues to then make recommendations to the various agencies about security issues. As a sales representative for SAGE I am disturbed about the State fails to take security issues seriously. With products like BRICKServer on the market, the cost does not have to be extraordinary. Now as a constituent I am concerned about my personal information being available to anyone who wants it. As a State Representative, I am pissed that people like Bobby Mink can get away with dumb statements such as the one credited to him by the Oregonian. First of all in the scope of things, he does not have to sacrifice services to people for IT security, they are different budget line items. Secondly, the State of Oregon has a responsibility to its clients to protect their personal information, thirdly, when it is the employees who are stealing from the taxpayer, they need to be hammered. It would be interesting to get a few of the IT people together to see what kind of solutions they would come up with and at what cost. Jerry Krummel (State Representative, HD 26) Jerry Krummel Senior Account Executive SAGE, Inc. Western Region 30339 SW Thomas St., #803 Wilsonville, OR 97070 Tel: 503-682-3995; Cell: 503-936-6987 Email: jerry@sage-inc.com www.sage-inc.com www.thirdpig.com -----Original Message----- From: owner-crime@private [mailto:owner-crime@private]On Behalf Of BAIRD Dion E * DAS DOIT Sent: Tuesday, September 24, 2002 10:00 AM To: 'T. Kenji Sugahara'; 'Dion Baird' Cc: 'Shaun Savage'; 'CRIME' Subject: RE: CRIME Computers vulnerable at Oregon department Kenji, My personal opinion is that it would almost certainly need to be a new agency, BUT you could, and would almost certainly need to compose this new agency of existing agency personnel from the different existing agencies IT support people. Politically this would almost certainly be the only feasible way to centralize and not step on too many toes. At the same time, I think that maybe the head honcho should be an independent hire from corporate background, or someone without their own agenda in any case. I think that it's entirely possible if legislature mandates the matter based on the cost reduction of standardization and centralization alone. The problem is having someone in charge that will study the current situation of equipment and current personnel qualifications, and take ideas suggestions from the current IT organizations, this means the techs and not just the management. Then be able to make a decision and have the ability to enforce it. Dion Baird -----Original Message----- From: T. Kenji Sugahara [mailto:sugahara@private] Sent: Tuesday, September 24, 2002 8:45 AM To: Dion Baird Cc: Shaun Savage; CRIME Subject: Re: CRIME Computers vulnerable at Oregon department Dion, I agree that centralized management would be beneficial. The question is how to do it. Would you recommend a new agency that deals strictly with tech or delegate the function strictly to DAS (and thereby fold the other IT depts into the super DAS)? Or do you think that would simply add to the bureaucracy and confusion? I am assuming that there would be an initial resistance by agency management, but legislative combined with executive mandate could push things along. Kenji On Tuesday, September 24, 2002, at 08:34 AM, Dion Baird wrote: > My perception of the problem as an IT specialist and a state > employee is that there is no centralization. Each Department (i.e. > ODOT, HRS, DAS, etc.) calls their own shots as far as desktop and > server OS's, equipment, etc. Only certain systems are centralized for > the entire state, and yes Shaun, most of those DO run open source OS. > > Most big shops run MS desktop at least because it's easier to train > users on (most of them have Windows based systems in their home), and > for the most part, it's easier to find trained personnel, and also to > train personnel to support it. Most of the server based stuff will be > a mixture of OS's. For instance at DAS, we are mostly windows based > supporting a citrix environment, however we have a couple of large Sun > boxes and a Linux server or two. > > The bottom line is that until all IT is centralized as least as far > as > management and command and control, it's going to be very difficult to > set any standards for OS's and equipment and put them in place. > > Dion Baird > >
This archive was generated by hypermail 2b30 : Wed Sep 25 2002 - 16:44:32 PDT