you are at: Home DII Divisions Commissioner CIO DII Newsletters July 2009 Newsletter

July 2009 Newsletter

 

 
In this months Issue:

Statewide Information Technology Assessment

by Tom Murray

Tom

 

We (the CIO’s Office) currently have a Request for Proposal (RFP) out for an assessment of information technology statewide. The goal is get an inventory of what we have and determine where opportunities exist to improve operations and drive more efficient/secure deployment of information technology.  The RFP is broken into several categories: Data Center/Server Infrastructure, Network, Desktop, Procurement, Project Manager, Mainframe, Governance and Security.  The vendor, which has not been selected yet, will be asked to compare our current state to what is consider industry “best practice”, develop a cost benefit analysis for the State to implement a best practice (or better practice) solution, and provide an implementation plan. Given the timing we plan to have some of the key areas of the assessment completed by the end of this year, so that any significant recommendations can be included in the FY2011 budget. There are areas that we will be able to move forward in without financial commitments, for example IT Governance.

At this point we have received the bids from several qualified vendors and we hope to have a contract signed by the end of August. In early September we plan to hold a kick-off meeting in which we’ll explain the process involved as the vendor conducts the inventory and assessment. We look forward to working with your respective departments on this assessment; we expect that this assessment will be a vital component of our strategy to enhance the services that Vermonters receive from the state. Patricia Houston is the DII project manager leading this project and she can be reached at patricia.houston@state.vt.us .

Blogging for Vermont

by Harry Bell

RSSFeed                                            

For many years the basic unit of the Web world was the Web page. As technology advances this is becoming less and less true. Information online has changed so that the same piece of information can be shared between multiple Web pages on various sites. In some cases these snippets of information are news stories or advertisements. More and more, however, the most common example of this type of content seen online is the blog post.

A blog (short for weblog) is a web page where regular entries are made (such as in a journal or diary) and presented in reverse chronological order. Blogs often offer commentary or news on a particular subject, such as technology, special interests, or local news although many function as simply personal online diaries. A blog can combine text, images, and links to other blogs, web pages, and other media related to its topic.

For state entities blogs can be a very efficient method to communicate certain types of information to specific audiences. Targeted groups on state blogs could include campers, sportsmen, tourists, farmers, teachers, or even State Legislators. Regardless of the audience a blog can be a dynamic, informative, and responsive forum if it is managed well. Managed poorly it is very easy for a blog to become stale, repetitive, and unreliable.

Blogs also have the advantage that the content can be shared in a number of ways. Depending on the blogging software used blog posts can be distributed using Really Simple Syndication (RSS) feeds that allow RSS users to have new posts delivered automatically to an aggregator whenever they are added. Posts can also be shared through text messaging, email alerts, and other Web Pages.

It has always been true that as the Web changes the state’s way of communicating online has also changed. This was true with blogging as it was with video, audio, and online shopping in the past. As the online world adapts to these changes the state must make sure it can compete in this online medium, where appropriate.

The state’s Enterprise Content Management System is capable of including a blog on any site hosted in the system. But having a dedicated blog on a state site is only one option. Blogging can also extend to micro-blogs such as Twitter and social sites such as Facebook. The state Web Portal, as well as the Departments of Tourism and Parks and Recreation already have a presence on one or more of these sites.

In order to help state entities move into blogging safely and effectively the CIO’s Office has created a Blogging Policy providing guidance to state staff. The basics of blogging are very simple but they are also very powerful. This combination can lead to some common issues that crop up for any organization choosing to use blogs to communicate.

One issue to be aware of is that of ownership. Blogs started out as a means of self expression. Because of this the writing seen in blogs has tended to be very free form and uninhibited. When using blogging as a state employee it is essential, while keeping the blog interesting, to remember that any blog hosted or initiated by the State of Vermont are the property of State of Vermont and qualify as official state communications. Therefore nothing should ever be written in a state blog that you wouldn’t feel comfortable putting under state letterhead or in a state email.

Another issue that must be considered is copyright. All content posted to a State of Vermont blog, regardless of type (text, image, audio, video), is held by the State of Vermont. Posting content to a State of Vermont blog also grants the State of Vermont the right to use that content in any medium at any time without royalty or licensing payment. It is essential that this be communicated to anyone adding comments or content to a state blog. This is an issue that can cut both ways. Blog owners must also have in place a process to deal with the inevitable time when someone claims that copyrighted material has been added to a Vermont Web site without the owner’s permission.

As has been pointed out, when a state employee writes for an official blog they are not only writing for themselves. The state is ultimately responsible for any content added to a state blog. That responsibility resides with State of Vermont Program Directors and/or Managers of Units. These individuals are directly responsible for all blogs maintained by their programs. They must be aware of all blogs within their jurisdiction and assure the appropriateness and quality of the content being posted on them.

Finally, it is essential for all state blogs to comply with other, existing, state electronic communications policies and standards including:

  • Web Based Collection of Potentially Sensitive Data
  • Malware/Anti-Virus Standard
  • Acceptable Use Policy
  • Web Accessibility Standard
  • Web Image Use Policy
  • Record Retention Standards

It is always interesting when the state moves into a new technology. There is always a learning curve to over come and things are a little uncertain at the beginning. We hope that the new Blogging Policy will be a good first step in helping state programs harness this powerful communication tool.

If you have questions about blogging or would like more information please email Harry Bell, Director of Web Services or call 828-5338.

 

Photo for "blogging" article by Beaudenoir, Hungary

 

All this Functionality in One Device!

by Kris Rowley

1Device                                                            

 

Mobile communication devices (includes Blackberrys, iPhones, smart phones in general) have become indispensable tools for today's highly mobile society. Small and relatively inexpensive, these multifunction devices can be used not only for voice calls but also text messages, email, and Internet access, along with stand-alone applications similar to those performed on a desktop computer. A significant amount of personal, private and/or sensitive information may accumulate or be accessed via these devices. Additionally, some of these devices may allow you to access your home computer or your corporate network.

What Risks Do They Present?

While the devices offer many benefits and conveniences, they also pose risks to you and/or your organization’s security. As these devices continue to take on the characteristics of personal computers, they also inherit the same potential risks. Some of the primary risks include the following:
 

  • The portability of the device leads to a higher likelihood of loss of the device. Millions of mobile communication devices are lost each year.
  • When Bluetooth and/or wireless (not cellular) communications are enabled, these devices are subject to the risk of eavesdropping and “highjacking”.
  • “Malware” available, that if installed on your device, can allow a perpetrator remote access to your device to listen and record all of your calls, send text messages to the perpetrator whenever you make or receive a call, read all of your messages, make calls on your behalf from your phone, access all of the information on your phone, trace your location and enable the speaker functionally on the phone to listen in on conversations even when the phone is not in use.
  • Sites purporting to offer “free games or ring tones” are major vectors for distributing malware.
  • While the reports of worms and viruses impacting these devices are relatively low, this is expected to increase in the future.

Despite the risks outlined above, many users do not understand how vulnerable their mobile device is or how to deploy important security settings and controls.

What Can I Do to Secure My Mobile Communication Device?

The following outlines steps you can take to protect your mobile communication device. Some of the steps are dependant upon the functionality of your device.  

  • Use a password to access your device. If the device is used for work purposes, you should follow the password policy issued by your organization.
  • If the Bluetooth functionality is not used, check to be sure this setting is disabled. Some devices have Bluetooth-enabled by default. If the Bluetooth functionality is used, be sure to change the default password for connecting to a Bluetooth enabled device.
  • Do not open attachments from untrusted sources. Similar to the risk when using your desktop, you risk being exposed to malware when opening unexpected attachments.
  • Do not follow links to untrusted sources, especially from unsolicited email or text messages. Again, as with your desktop, you risk being infected with malware.
  • If your device is lost, report it immediately to your carrier or organization. Some devices allow the data to be erased remotely.
  • Review the security setting on your device to ensure appropriate protection. Be sure to encrypt data transmissions whenever possible.
  • Enable storage encryption. This will help protect the data stored on your device in the event it is lost or stolen, assuming you have it password protected!
  • Beware of downloading any software to your device. If the device is used for work, follow your organization’s policy on downloading software.
  • Before disposing of the device be sure to wipe all data from it and/or or follow your organization’s policy for disposing of computer equipment.

As always, make sure your children are aware of the risks of using a mobile device. As can be seen from the lists above, many of the risks are the same as those encountered on a home computer. Remember, when your child is using a smartphone of any brand, they have access to the Internet!

 

Photo for "functionality" article by Svilen Mushkatov, Bulgaria

 

BIO2

by Peter Jaquith

Serena 

In this month’s BIO we are introducing Serena Kemp from the DII Enterprise Project Management Office (EPMO) group to you. Please take this opportunity to get to know a little more about Serena.

Serena has been a member of the DII team here since April 2005. She currently works as an Enterprise Business Analyst in the EPMO office. Serena came to us four years ago from the National Life Insurance Co. She had been with National Life for two and a half years and was looking for an opportunity to improve her career path which brought her to DII. Serena also recently received a promotion within DII when she moved to the EPMO office. Congratulations Serena!

Serena and her husband Eric reside close by in Barre Town. Although they have no children yet, they have a yellow lab named Harley James whom they treat as “a son.” In fact, one of Serena’s favorite movies is “Marley & Me” because it reminds her of Harley.

Here’s what Serena says about her hobbies and interests…. “I love to ride motorcycles. I just got a new Yamaha FZ6R. I enjoy playing basketball in the Montpelier Women's league, playing softball for DII and the Montpelier Women's league, and going to camp in Milton. My husband and I are part of Central Vermont Boating Club that we visit most every weekend and we enjoy our camper that is parked there for the summer. While at camp we go fishing, swimming and tubing. My husband knee boards and water skies, I tried knee boarding but after a rough crash I now leave that to him. In the winter time, we like to take our snowmachines around Central Vermont. And, I love heath bar crunchie creemies in the summer.”

Serena will soon be celebrating because she recently found out that come September her brother’s family will have their second daughter. She is quite excited about becoming an aunt…..again. And, she and her husband Eric enjoyed a cruise to the Bahamas in June to celebrate their first wedding anniversary on May 24th.

Thanks for being a highly valued member of the DII Team!

Enterprise SharePoint (MOSS) Infrastructure Project Update

by Tom Jenny, PMP

SharePointGraphic 

 

A breakthrough for team collaboration

In today’s business environment, collaboration with team members inside and outside your organization is essential. If you’ve been using shared file folders, e-mail, or earlier versions of collaborative software, you’ve experienced lost “islands” of information stored by earlier team members and non-descriptive information categories.

The DII SharePoint 2007 hosting service includes "out of box" standard features as well as enterprise functionality. There is also the capability for custom SharePoint applications. SharePoint includes portal capabilities allowing different web page content to be displayed according to who you are and what your interests might be.

SharePoint "out of the box" features help your teams collaborate on projects using a web interface. SharePoint allows for the presentation and sharing of business critical information in one central location and provides for ease of work collaboration across the enterprise. The service organizes all of your shared information, tasks, events, and more – whether you’re working with a team of six or an interagency community of six hundred.

For example, in a simple SharePoint "out of box" work team collaboration each person on the team may have a library of shared documents, another area where they are collectively editing and updating documents, an area for announcements and possibly a calendar of team events.

A more complex SharePoint presentation may allow a private citizen to log into an external SharePoint site and, based upon who they are, see a set of applications of interest from multiple State agencies. The application set could potentially include such things as State licensing and permitting programs, access to tax or motor vehicle information or links into legislative activity among other things.

State agencies and departments, boards, commissions and other qualifying governmental entities can request DII SharePoint hosting.

Start with a small site and expand when you need to. Customers simply log into their SharePoint web site through a browser – no need to purchase hardware or software or hire a technician to maintain it. SharePoint 2007 is the quality, reliable service you need for your collaborative projects.

The Enterprise SharePoint environment has been built and DII is in the final testing stages right now with expectations for releasing it for production use sometime next month. We will be launching a SharePoint portal with more detailed information and all the forms and documentation you will need to get you started towards using the service.

The Natural Resources Board (NRB) is one department that is planning on utilizing SharePoint as soon as it’s ready and they have engaged a vendor to work with them to develop a custom SharePoint implementation. NRB is planning to be a pilot program for the “custom” SharePoint implementation process. I recently talked with Lou Borie, NRB’s Chief Coordinator, about their plans for SharePoint and what follows is a portion of our discussion:

TJ: Hi Lou and thanks for taking the time to chat with us today. What exactly does the NRB plan to use SharePoint for?
LB: We plan to make Act 250 permit applications, associated documents and decisions available first to state agencies and then the general public. It will provide immediate access to this information without the need to email or snail-mail the documents. In the future we hope to have an on-line permitting process.

TJ: Why SharePoint?
LB: We were happy to learn the State was adopting SharePoint as a tool for enterprise content management (ECM). It seems like the perfect solution for making Act 250 permit information generally available to our various constituents. And, it provides the collaboration tools for us to easily work with our 5 regional offices and the various other entities that are involved in the permitting process via a simple web interface.

TJ: How will SharePoint help NRB achieve its overall mission?
LB: We see SharePoint as a powerful tool that will help make the permit process more efficient and transparent for everyone involved. All information pertaining to Act 250 permits will be in one location and easily accessible for both state agencies and the general public.

TJ: What do you foresee will be the primary benefits of using SharePoint?
LB: It will provide easy access to these Act 250 documents via the web. We hope to eventually have all of the 27,000 permits (going back to 1970) and their associated documents in the SharePoint environment. The ability to store 39 years of Act 250 information electronically in one location that can be easily accessible by anyone is a considerable accomplishment. We’re currently dealing with an enormous mass of paper documents! The capability to search across this entire database of historical information will also be a big advantage for us and the general public.

 

We will keep you informed on NRB’s progress with their SharePoint implementation in a future article.
If you would like to learn more about how SharePoint could help you, please contact me via email thomas.jenny@state.vt.us

Project Portfolio Management

by Christine Hetzel, PMP

PM 

Do you currently have a place to view information about the project work currently underway and how that work relates to future work that needs to be done? Can you easily report on how much this collective work will cost you in terms of time, dollars and team resources? Do have the information to prioritize what can be done and when? If you don’t have this information at your finger tips (and most of us don’t) then a useful process to consider is project portfolio management.

Given the State of Vermont’s current budgetary constraints, IT leaders are facing increased scrutiny from the legislature and leaders of state programs. How we spend our IT dollars and manage our resources is increasingly important as we continue to leverage technology to create further efficiencies into our business processes. It may be a scary economic climate, but it’s a great motivator to improve ourselves, our processes and the way that we spend tax payer dollars.

Project portfolio management is a discipline that helps organizations to analyze and collectively manage proposed and ongoing projects. Project portfolio management helps IT as well as Business leaders understand the benefits, costs, risks and value of various projects across various Departments, Agencies and if done properly, across the entire Enterprise.
Since a healthy process always begins at the beginning, effective project selection is the foundation of successful project portfolio management. Valuable information can be gathered and utilized to score various projects to determine which projects provide the best return for the money, time and resources spent to implement them. Here are just a few additional benefits to project portfolio management: visibility into team resource allocations, compatibility of various projects, overall usage of project dollars, alignment of project work load to overall business strategy, increased opportunity to collaborate on projects across the Enterprise as well as dashboard reporting for ongoing projects.

Although the State of Vermont has been utilizing a custom Access application (PlanIT) to attempt to unify IT project selection and coordination, it is time to grow the project portfolio management discipline to the next level. The Enterprise Project Management Office will be taking a leadership role to investigate the processes and tools needed for effective project portfolio management. Look for future articles to report on the activities of cross Agency teams formed to pilot various applications and processes.

If you have questions about project portfolio management please do not hesitate to contact me, or the Enterprise Project Management Office, at 828-1143.

BA Corner

by Serena Kemp

BABOK® Guide 2.0 is now available!

The International Institute of Business Analysis (IIBA) has announced the release of version 2.0 of the Business Analyst Body of Knowledge.

The release of version 1.0 of the Business Analyst Body of Knowledge (BABOK) Guide, "the collection of knowledge within the profession of Business Analysis and reflects current generally accepted practices," was launched in January of 2005; since then there have been a number of sub-versions released.  Most recently version 2.0 was released in June to International Institute of Business Analysis (IIBA) members. The goals for the latest revision were to complete the descriptions of the knowledge areas, simplify the structure guide, integrate the knowledge areas, eliminate the areas of overlap, and clarify the Business Analysts' relationships with other similar professional roles. One of the major changes made from version 1.6 to version 2.0 was the consolidation of tasks, reducing the total number from 77 to 32, which from a process point of view is excellent!

To give you more detail about the BABOK Guide - "it is a globally recognized standard for the practice of business analysis and describes business analysis areas of knowledge, their associated activities and tasks, and the skills necessary to be effective in their execution. However the BABOK guide should not be construed to mandate that the practices described in the publications should be followed under all circumstances. Any set of practices must be tailored to the specific conditions under which business analysis is being performed."

The BABOK Guide currently can be accessed by IIBA members only at http://www.theiiba.org/am/.