July 2011 Newsletter
In this month’s issue:
- Message from the CIO
- Telecom Rates Are Dropping!
- Public Records Request System
- Securing Mobile Devices
- Bringing Risk Assessment In-House
- PM Corner
- Employee Bio - Heather Matott
Message from the CIO
by Richard Boes
I was approached a few weeks ago and informed it was a tradition for the CIO & Commissioner of DII to have a brief article in the newsletter and I wanted to take this opportunity to introduce myself to those of you I have not yet met and tell all of you a little about me.
Many of you may have heard I moved to Vermont from California and may be wondering how long I will last once the thermometer starts to plummet. And for those with that thought, I give my standard response that relocating from California does not mean I am from there. In fact, I’ve spent most of my adult life in New England and I grew up, not far from New England, in Syracuse, NY. I’ve actually worked in Vermont before (back in the early 90’s) as a part-time ski instructor at Killington. So, rather than welcoming the heat of the last few days, I’m actually hoping it will cool down soon and I have no doubt my wish will come true.
On a more professional level, I’ve been leading technology organizations and bringing business and technology together for over 20 years and I am a firm believer that technology is a tool, not a means to an end. When technology is used effectively, it will help us all provide the services the people of Vermont need and expect.
I am excited by the opportunity of working, in partnership, with all of you and helping you achieve the business and service outcomes that are so important to all of us and to our children. While I understand I will always be a “flatlander”, I hope to be a welcome transplant for many years to come.
Richard Boes (also go by Rich), CIO and Commissioner
Attention Business Managers and Those Who Manage Phone Line Accounts for Agencies and Departments!
by Joe Mullins & Doug Powell, submitted via Ruthann Sullivan
The Telecommunications division of the Department of Information & Innovation will be reducing several key rates on your phone bills starting with the new fiscal year beginning in July. ISDN and Station (phone) Lines will be reduced by $1.50 and Call Answering (voice mail) will be reduced to $2.85.
In addition to the telephone billing detail in the self-service report history, you can also now run reports of active phone lines or long distance authorization codes when you log on to our Telecommunications Work Order & Reporting system. Click on run report, click get, double-click on phone line report or auth code report, enter your employee number, click run report. You can print, email, or export that report as an MS Excel file or Adobe PDF file or select from many other file types. The Excel file type is the most useful, as you can add columns to add your own notes about the list.
You can use this information to discover unused or unneeded telephone lines which will save your agency and department even more dollars each month.
We hope the new Fairpoint Next Generation Voicemail and Call Processing system is meeting all your requirements. Remember, you can access the Centrex voice mail user guide at our web site:
Any questions or concerns, please call Telecommunications at 828-3400, or email firstname.lastname@example.org
Additionally all network circuits are now being funded via DII. Please be sure if you receive an invoice from a carrier that supports connectivity to the internet and/or Govnet that it is forwarded to:
Dept. of Information & Innovation
Accounts Payable / Network
133 State Street, 5th Floor
Montpelier, VT 05633-0210
Public Records Request System
by Harry Bell
In 2005 the Vermont Legislature required the creation of a service to track Public Record Requests for all agencies of state government. This resulted in the creation of the Public Records Request System. This service allowed any state employee to register for the service and submit information about any Public Record Request they handled. This service has been collecting data ever since.
Due to certain decisions made at the time that this service was first initiated there were some issues with the quality of the data being collected and the consistency with which the system was used to record requests. As a result the Legislature acted this year to update the reporting requirements and request an overhaul of the service.
The update to the law this last legislative session, Sec. 13 of No. 59 of the Acts of 2011, entitled State Agency Public Records Request System, created a new requirement for state agencies receiving a Public Records Request. The new section mandated many changes to the existing system, including the exemption or other grounds asserted as the basis for partial fulfillment or denial. As a result of this legislative change the Public Records Request System at https://secure.vermont.gov/DII/foia/ was updated for a July 1st launch.
While much of the system will remain familiar several changes will be obvious to frequent users. The most dramatic change is the requirement that when a public records request results in a denial, in whole or in part, the user must state the reason for the denial and the statute where the rationale for denial can be found. In the new version of the service each exemption is listed as a choice in a drop down menu. This allows the user to select any valid exemption which exists under state law and also provides a concrete list for reporting that did not exist in the previous version where “Reason” was a free form text entry field.
Another enhancement to the system is the Registration section. This section provides registrants with a list of standardized agency names from which to choose. Again this replaces unstructured fields in the old system.
The sequence in which certain data is entered has also changed. Formerly, the “Close” screen simply allowed the user to change the status of a request. Now this screen is where a significant portion of the data entry is done. The “Action Taken,” “Reason request was fulfilled in part, denied, or not fulfilled,” and “Exemption” are all now a part of closing a request.
These changes should allow users to more quickly and accurately log Public Records Requests and improve the state’s ability to track the number and type of request we receive. If you have any questions about this service feel free to contact Harry Bell, Director of Web Services, at Harry.Bell@state.vt.us.
If you are the person responsible for processing Public Records Requests for your group you should make yourself familiar with the changes to this service. We hope the changes work to make this process easier and, in the long run, more useful.
Securing Mobile Devices
by Kris Rowley
Mobile devices are a hot topic. They are of special concern to me as the Security Director. Every time I turn around someone has a new type of device in their hand.
The technology is advancing faster than security can keep up with it. Every device has different security capabilities. Some can be encrypted, others cannot. Some have the ability to have strong passwords applied, others only PINs, some have nothing. Every business, of any size, is dealing with the quandary of how to deal with security around mobile devices.
Again, user education is a primary key to successful security. So, below is some information about mobile devices for both work and personally owned devices and how to use them safely wherever you are.
Big Things Come in Small Packages!
Mobile computing devices include mobile phones, pagers, BlackBerry devices, iPhones, and portable storage devices, such as USB drives. Some of these devices are multifunctional and may be used for voice calls, text messages, email, Internet access, and may allow access to computers and/or networks. Mobile computing devices have become indispensable tools for today's highly mobile society. Small and relatively inexpensive, these multifunction devices are becoming as powerful as desktop or laptop computers. While increased productivity is a positive feature for any organization, the risks associated with mobile devices can be significant and include issues stemming from human factors to technological issues.
The Risky Business of Mobility!
A significant amount of personal, private and/or sensitive information may be stored or accessed via mobile devices. The portable nature of mobile devices makes it more difficult to implement physical controls. Additionally, the fact that some employees are increasingly using their personal mobile devices for business purposes has resulted in heightened risks. Ironically, many of the risks associated with mobile devices exist because of their biggest benefit: portability. Many of these devices can store vast amounts of data, making them vulnerable to unauthorized access to the information from either interception of data in transit or theft or loss of a device. In addition to data loss, mobile computing devices carry the risk of introducing malware. Certain types of malware can infect the devices or can be used as a platform for malicious activity. Devices with onboard microphones and cameras are also vulnerable to unintended activity through publicly available tools, possibly resulting in eavesdropping or tracing the device’s location. Cellular and Voice-over IP (VoIP) technologies also have vulnerabilities that can be easily exploited, resulting in intercepted calls.
What Can Be Done to Secure Mobile Computing Devices?
The protection of mobile devices must be a primary task for organizations. The following steps can help you protect your data and your mobile computing device.
- Follow any statewide policies and agency/department policies that apply to mobile device use.
- Keep your mobile device physically secure. Millions of mobile devices are lost each year.
- Control what data is stored on the device. Do not store unnecessary or sensitive information. If you do have to store sensitive information on a device, such as a USB drive, make sure it is encrypted.
- Use a secure password or PIN to access your device. If the device is used for business purposes, you should follow the password policy where appropriate, such as on laptops, or use passwords on smartphones to the extent that they allow.
- Disable features and services that are not needed (Bluetooth, WiFi, GPS, etc.). If the Bluetooth functionality is used, be sure to change the default password.
- Enable storage encryption on devices that allow this feature. This will help protect the data stored on your device in the event it is lost or stolen, assuming you have it password protected. Most laptops are encrypted by the agency/department that issues the machine. Do not download additional software on laptops. See your IT personnel if you have questions about the security on your laptop.
- Download applications only from vendor-authorized sites. For iPhone users, use only the iTunes site. Sites offering “free games” or “ring tones” are sources for distributing malware.
- Do not open attachments from untrusted sources. Similar to the risk when using your desktop, you risk being exposed to malware when opening unexpected attachments.
- Do not follow links to untrusted sources, especially from unsolicited email or text messages. As with your desktop, you risk being infected with malware.
- If your device is lost, report it immediately to your carrier if it is a personally owned device, or if a work device, to your IT manager or helpdesk. Some devices allow the data to be erased remotely.
- Before disposing of the device be sure to wipe all data from it if it is a personally owned device. If used for work, follow your agency/department policy for disposing of any type of computer equipment.
Be smart! Be careful! Mobile devices are fun, efficient and very powerful tools but you need to remember that they carry an element of risk with them.
A Government Information Security Podcast: Bringing Risk Assessment In-House
"Since becoming Vermont's first CISO three years ago, Kris Rowley's been on a quest to create an IT Security culture in state government. Rowley's latest initiative, bringing risk assessment in-house, is helping build that culture."
To listen to the full podcast (13 minutes), select the following link and click on "Play Streaming Audio."
Project Management: What's Most Important?
by Christine Hetzel
It is with a mixture of excitement and a heavy heart that I write my last PM Corner article today. I have resigned from the Enterprise Project Management Office and will be departing at the end of July (that’s the heavy heart part). However, I will be staying in VT state government, and will be joining the DHR team (that’s the excitement part).
I have challenged myself to define what’s “most” important to share with you before I depart. If I had only one opportunity to provide you with project management information/advice, what would it be (in one brief article)?
There are two core fundamentals that I believe have created great success in the wide variety of projects I have managed in the last 15 years: communication and understanding the triple constraint.
Communicate, communicate, communicate
Though we live in a world of constant communication (email, instant messaging, BlackBerrys, Droids, iPhones), miscommunication abounds. The most effective project managers understand that one of the most important aspects of their job is communication. Communication not only keeps everyone up-to-date on the project’s progress, but also facilitates buy-in and ownership of major project decisions and milestones.
- Who do we need to communicate with?
- When should we communicate?
- How do we communicate? (Email, voice, written, meetings, etc.)
- What types of information need to be communicated?
- Are they receiving the message that I am sending?
Anne Morrow Lindbergh Quote:
Good communication is as stimulating as black coffee, and just as hard to sleep after.
Babysit the Triple Constraint
Like any human undertaking, projects need to be performed and delivered under certain constraints. Each side of the triangle represents a constraint that exists, at some level, on all projects. One side of a triangle cannot be changed without impacting the other sides of the triangle. The same concept can be applied to managing the triple constraint. You can’t change the time, the cost or the scope of the project without this change having some impact on the remaining constraints. The triple constraint is similar to a three-legged stool: if one leg changes, it always has an impact on the other two. If you don’t make adjustments to the other two constraints (or legs in this example), you are likely to fall.
Projects fail when one constraint changes and appropriate adjustments are not made to the other constraints.
As a real world example, assume that your daughter asks you to pick up two of her friends and drive them to soccer practice. Yesterday, you had agreed to pick up and drive just one friend. Managed as a project, your scope, the work of picking up her friend, just increased. It is very likely that the time it takes you to actually pick up both friends (vs. the one friend) will need to increase. It is also very likely that your cost, the expense of gasoline for your car, will also increase due to the additional pick up.
Unfortunately, many project managers will automatically reject a change to the triple constraint and say “No, this is impossible”, I can’t pick up the additional friend for soccer practice. Others will automatically accept a change to the triple constraint and say “Yes, absolutely we can do that”, I can pick up your friend, but they make no adjustment to budget or schedule to accommodate that change. Both approaches are equally risky to the overall health of the project.
The most appropriate course of action is to have a discussion with the project sponsor about how this “change” will affect the other constraints to the project. As project managers, we need to allow our sponsor to have authority over projects. Our responsibility is to help them understand how their decisions impact the overall success of the project. This approach ensures that what is most important about the project, from our sponsor’s point of view, remains protected. We are their ambassadors, focused on ensuring the outcomes they wish to achieve are accomplished.
It’s been a pleasure to work with so many of you over the last five years! I wish you the greatest successes in ALL of your endeavors!
Christine Hetzel, PMP
Employee Bio - Heather Matott
by Peter Jaquith
If there is a “go to” person within DII to find out answers to most operational needs or to find out “to whom” we should go for an answer, that would be Heather Matott in the Administration Division of DII.
Heather is our Executive Staff Assistant to the Office of the Commissioner and CIO. She has worked in this capacity for a couple years now. She came to DII about 6 years ago from the National Life Insurance Company, joining the DII Accounting office and working alongside Connie Churchill (last month's BIO). When the Agency of Administration Business Office consolidation occurred, Heather transitioned to becoming the full-time executive staff assistant to the CIO. She has served under Commissioners Tom Murray, David Tucker, interim Commissioner Ruthann Sullivan and starting Monday, June 20th, will see her fourth CIO, as Richard Boes begins his time with us as our new CIO.
I can personally say that Heather has been a great help to me in looking into anything, from purchasing card procedures, travel information, ordering office supplies, parking and visitor security passes, ordering new phones, shipping and receiving items, preparing hardware to go to Surplus Property, scheduling conference rooms, processing time sheets, etc. This list could go on. Heather is always quick to help and step in where needed. She is a great organizer as well.
She currently resides in Barre Town with her husband of 14 years, Kevin and their two children, Brittany (8) and Kyle (7). She says Brittany tends to be accident prone like her Mom. Hmmmm?...... sounds like a risky combination for Heather as she has enjoyed various sports, specifically Tae Kwon Do for which she has a “red belt”. Many of us witnessed a demonstration of her skills during a DII summer picnic a couple years back. Here’s a tip: “Stay on her good side.” :) It’s not surprising then, since she enjoys Tae Kwon Do, that Heather's favorite movie would be the 1989 hit “Best of the Best.” Her husband Kevin at one point played football in a semi-pro league which is yet another testimony to this family’s athletic prowess. The family also has two dogs, Lucy and Evander, which she obviously adores, as she included pics of them here for this bio. They all spend time together camping and fishing at a campground in Alburg each summer. Heather claims to not be a morning person even though she is here bright and early each morning ready to go for DII. I’m sure those lazy mornings by the lake are a great time to relax and sleep in.
Heather, thanks for being such a wealth of information in so many different areas! You are certainly one of the “Best of the Best” here for providing access to the information and processes we need to do our jobs.