September 2009 Newsletter

In this month's issue:

Statewide IT Assessment Kickoff

by Tom Murray


 
As we mentioned in our last newsletter, the statewide IT assessment is slated to begin in the coming weeks. The vendor has been selected and we are planning a formal kickoff in early October (details to follow). The goal of this assessment is to inventory the state’s IT infrastructure (servers, desktops, data centers and networks) and to make recommendations for improvements. This assessment was recommended by the State’s Technology Council (“STC”), consisting of the IT managers from all large agencies and departments, as a way to understand exactly what exists throughout the state. In addition, the legislature mandated an assessment to look at virtualization and “cloud” computing and to report back in January.
 
As we move forward, e-Government enabled by a sound technology infrastructure will be essential to meeting the needs of our citizens. We also expect that the assessment’s recommendations will help to improve security and data sharing among agencies. We recognize that there will be a resource commitment from each department and agency for a short time to assist the vendor, but the benefits from this process will be significant.
 
Thanks in advance for your assistance in this process and stay tuned for details about the kickoff.

 

 

PlanIT Migration Plans; Project Portfolio Management

by Patricia Houston


Graphics Reference:  http://en.wikipedia.org/wiki/Modern_portfolio_theory
 

One afternoon in the 1950s while reading The Theory of Investment Value by John Burr Williams, Nobel laureate Harry Markowitz developed the basic concept of portfolio theory: that investors diversify because they are concerned with risk as well as return. His subsequent article “Portfolio Selection”, published in 1952, changed the way investors make investment decisions. Prevailing practice was to select individual investments based upon their risk-reward characteristics. Markowitz suggested that investors should select portfolios based upon their overall risk-reward characteristics rather than the risk-reward characteristics of individual securities.

A few decades later, the pioneering work of an economist in the area of the stock market found its way into the IT governance and management field.

Like an investment portfolio, Project Portfolio Management (PPM) manages projects as a portfolio of assets and strives to improve the outcome by balancing the risk and rewards of a single project with the overall vision and capabilities of the enterprise.

Wikipedia defines Project Portfolio Management as “a term used by project managers and project management organizations to describe methods for analyzing and collectively managing a group of current or proposed projects based on numerous key characteristics.” My simple definition for PPM is a series of activities to identify, prioritize and initiate projects. Thus we take our portfolio of projects, or project “wannabes”, and continually prioritize what projects we work on based on what our priorities are.

To put it in even simpler terms, the projects and programs are the troops fighting the battle (and we all know that it can be a battle!), and as new information comes in, the field changes, troops are moved and the generals have to make necessary decisions to ensure that the end goals are achieved. Above all else, portfolio management needs to be recognized for what it is: an enterprise-wide strategic discipline that provides a top-level, big-picture view of what is going on so that decisions can be supported and direction set for projects and programs.

Many businesses have mistakenly adopted an informal method of making project decisions, investing time, money and resources into one project over another without understanding the bigger picture or its impact. This has resulted in an inability to explain to leadership, and sometimes taxpayers, why one project has taken priority over another. Oftentimes, the various projects being undertaken may be so unrelated that decision makers are challenged to come to some understanding as to what the projects or programs are and the impact that all may have on the budget and the resources.

As projects and programs are implemented, the reality changes: milestones are achieved or missed, resources become available or are consumed, projects begin or are turned over to operations. In an ideal world, the portfolio management function simply watches the “master plan” unfold, but we all know that we don’t live in an ideal world. Reality is always different than planned, and sometimes portfolio management needs to step in to shift priorities, change goals, etc. in order to respond to the reality that is unfolding in front of them.

Portfolio management is not project management with bigger numbers; it is enterprise management with a more direct focus. When you manage your work as a portfolio, you change the emphasis from the costs of each initiative (i.e. money, people, and resources) to the value provided. If the value (and alignment) is right, the work will get authorized. If the value is not there, the work should be eliminated, cut or set aside for another day.

What is the State doing for IT Project Portfolio Management?

Many of you are probably aware of the PlanIT database that was built a few years ago for the CIO's office. PlanIT was created to help meet the legislative statute that the CIO has to report to the legislature all projects costing $150,000 or more. While PlanIT has been very helpful to the CIO, we now find that the enterprise is ready to move towards a more comprehensive PPM that will allow for a top-level, big-picture view across the enterprise but, more importantly, allow departments and agencies to prioritize and track their own projects (IT or business related).

This October/November will be the last time that agencies/departments will utilize PlanIT to report their large IT projects to the CIO’s office. A few weeks ago a team of IT professionals, representing agencies across the enterprise, assembled to begin the work around defining and implementing a more comprehensive Project Portfolio Management method and tool that can be used by the enterprise. The overall goal of this new PPM tool will be to allow users to manage their portfolio of projects from the department level all the way up to the enterprise level from small projects (less than $150k) to large projects (greater than $150k).

In short, the PPM team will:

  1. Determine some general profiles of IT related projects. For example:
    • Name and description of the project
    • Type of project (new development, maintenance, infrastructure, etc.)
    • Goal of the project and how it supports the business goals of the organization
    • Stakeholders who will benefit from the project’s successful completion
    • Analysis of the potential CBA of the project
  2. Determine a methodology for prioritizing projects. This method will provide a set of unbiased criteria by which every project can be scored. These criteria should be as objective as possible, and each should be given a weight as to its importance related to other criteria.
  3. Determine what tool, or tools, can be implemented across the enterprise for agencies and departments to utilize as they move into the world of Project Portfolio Management.

What do YOU need to do?

PlanIT

If you have been, or will be, responsible for inputting information into PlanIT, we are asking that you contact Darwin Thompson (Darwin.thompson@state.vt.us). Darwin is trying to track down all of the PlanIT users to ensure that DII communicates any changes that have happened with PlanIT for this year.

PPM

As mentioned above, a team has been assembled to help define what the enterprise PPM process and/or tool will look like. We are hoping that interest will continue to grow and that business and IT leadership will participate in this very important project. If you are interested in participating on the team, or would simply like to receive occasional updates on the progress of this project, please contact the PPM Project Manager, Patricia Houston (patricia.houston@state.vt.us or 828-1145).

 

October is Cyber Security Awareness Month

by Kris Rowley


Governor Douglas is going to officially proclaim October as Cyber Security Awareness month in the State of Vermont.   This is the first year Vermont has participated in this event. Last year 41 governors signed similar proclamations. The goal is to have all 50 states sign proclamations declaring October as National Cyber Security Awareness month by the end of next month.
 
Cyber security is everyone’s responsibility! Help spread the word about cyber security in your business, home, and school. The Department of Information and Innovation has FREE posters, 2010 calendars, and bookmarks reminding all of us about the importance of being cyber safe. If you would like to receive any of these items, please send an email to Amanda.lewis@state.vt.us. Also, please visit our Information Security web site at http://itsecurity.vermont.gov/ for more information about cyber security.
 
Because we care, we are security aware!

 

 

New Enhanced Telecommunications Work Order System

by Ruthann Sullivan 

DII Telecommunications is pleased to announce that we will be improving our customers' access to our service requestor system known as Compco. In the very near future, submitting requests and trouble reports to us will be done through a more user-friendly "shopping cart" style interface. This new interface not only promises to eliminate all of those pesky errors you've been getting, it also allows you to fill a shopping/service cart with the new services, features and telecom supplies your office needs. This system is more user friendly and easier to follow and understand than our current interface. We are very pleased to be able to offer this vast improvement to our customers and hope you will agree that it is a greatly improved process.

Introduction to Shopping Cart

Shopping Cart allows for a more web-friendly end user experience by allowing us to set up their Self Service Work Order in a manner more like commercial web sites. The essence of the change is that rather than create an Order Header with Items, you pick the items and then supply the information necessary for an Order Header.


Shopping Cart allows us to define Categories which appear above as “Add Equipment/Services”, “Change Equipment/Services”, etc.  Each category has items underneath that allow predefined Products to appear from selected Inventory Items and WO Item Types.  These Products appear in an easy to navigate menu allowing selection, quantities, site defined help text and images if desired.


When an item is selected, the end user will be prompted to enter information for that item. End users merely give a description of what they want for this item, or detailed information that may be database-validated data such as Telephone Number.

From within Shopping Cart, the View Cart button allows end users to see the entire order in a web-friendly shopping cart format and provides the ability to change quantities, remove items and see a Subtotal for the order. End users are not restricted to one cart only. Each cart can be named so that multiple projects can be managed through separate shopping carts by a single end user.

In addition, the New Cart button allows an end user to have more than one cart and give specific names to each. The end user can create the orders with just the information they have and continue editing them until all the required information is obtained.

Once the order is ready to be “checked out,” the end user will be prompted for information that will become the Work Order Header.


Once the information is provided, a final chance to see the detail of the cart, amounts and quantities is available.  From the Confirm Order screen, you can either edit the cart OR submit the order for processing.

Prior to submitting, the system employs default Review Step logic that “holds” the order from further processing. The order is held in a temporary review step until the end user clicks SUBMIT to complete and send the order. At any point prior to this, the shopping cart can be edited by the end user from the Self Service application as needed. Once submitted, the order is available to the Telecommunications staff for processing.

 

Security of Credit Card Transactions

by Kris Rowley


 

We have all heard about the security breaches of credit and debit cards of the past year: TJX, Hannaford Supermarkets, Heartland, etc. Some of you may have been directly affected by these breaches. In the past year, I have personally had my card compromised twice through no fault of my own. However, the world runs on credit. So, what steps can you take to protect your card and your credit? The information in this article will shed some light on this subject and answer this question.
 
The use of credit cards to pay for goods and services is a common practice around the world. It enables business to be transacted in a convenient and cost-effective manner. However, more than 100 million personally identifiable customer records have been breached in the US over the past two years. Many of these breaches involved credit card information. Continued use of credit cards requires confidence by consumers that their transaction and credit card information are secure. The following provides information as to how the credit card industry has responded to security issues and steps you can take to protect your information.

Who regulates the security of credit card transactions?

The Payment Card Industry (PCI) Security Standards Council developed standards and policies that must be met by all vendors which accept credit card transactions. The Council’s members include American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa International. The Council created an industry-wide, global framework that details how companies handle credit card data – specifically, banks, merchants and payment processors. The result was the Payment Card Industry (PCI) Data Security Standard (DSS), a set of best practice requirements for protecting credit card data throughout the information lifecycle.
 
The PCI compliance security standards outline technical and operational requirements created to help organizations prevent credit card fraud, hacking and various other security vulnerabilities and threats.
 
The PCI DSS requirements are applicable if a credit card number is stored, processed, or transmitted. The major credit card companies require compliance with PCI DSS rules via contracts with merchants and their vendors that accept and process credit cards. Banks, merchants and payment processors must approach PCI DSS compliance as an ongoing effort. Compliance must be validated annually, and companies must be prepared to address new aspects of the standard as it evolves based on emerging technologies and threats. 

How is my credit card information protected?

The PCI standards detail what protective measures are required regarding the storing and transmission of credit card information. For electronic Point of Sale (POS) transactions, the information is encrypted and transmitted directly to the credit card processor. For an online transaction, the merchant is required to have a secure server and an encrypted connection to the customer. Access to credit card information is restricted based on a business need-to-know. The standards include guidelines for developing and maintaining secure systems and applications. Recent focus includes heightened security requirements for wireless networks due to the jump in the use of wireless POS terminals.

What if a merchant does not follow the standards?

If a member, merchant, or service provider does not comply with the security requirements or fails to rectify a security issue, they may face fines up to $500,000 per incident or restrictions imposed by the credit card companies, including denying their ability to accept or process credit card transactions. 

What can I do to secure my credit card information?

You can help secure your credit card information by adhering to the following guidelines:

  • Don't respond to email or pop-up messages. If you get an email or pop-up message while you're browsing, don't reply or click on the link in the message or any attachments, especially if personal or financial information is requested. Legitimate organizations don't ask for this information in these ways.
  • Guard the security of your transaction. When purchasing online, look for the "lock" icon on the browser's status bar and be sure "https" or "s-http" appears in the website's address bar. The "s" stands for "secure."
  • Use temporary account authorizations when available. Some credit card companies offer virtual or temporary credit card authorization numbers. This kind of service gives you use of a secure and unique account number for each online transaction. These numbers are often issued for a short period of time and cannot be used after that period. Contact your credit card company to see if they offer this service.
  • Limit your online shopping to merchants you know and trust. If you have questions about a merchant, verify it with the Better Business Bureau or the Federal Trade Commission.

 

 Source: www.privacyrights.org
 Source: www.pcisecuritystandards.org

 

Enterprise Vault:  e-mail Archiving Takes Off!

by Tom Jenny

DII has recently begun to roll out the new Enterprise Vault™ email archiving product for users of the enterprise Exchange email system. Enterprise Vault (or EV) is a Symantec product that provides automatic mailbox management features that free users from the frustrations of mailbox size quotas without compromising Exchange performance and reliability. This provides huge benefits for mail users while allowing us to keep the Exchange email system operating at peak performance. Mail is archived into “vaults” based upon age and size of attachments. Items that are vaulted are accessible from within Outlook just like regular mail items.
 
Test teams in both PSD and BISHCA are currently testing EV and we plan to enable EV for the remainder of employees in those departments as soon as testing is complete. We will be working with all the departments on the enterprise email system to develop a roll-out schedule to bring everyone onto this new mail archiving platform in coming months.
 
More information can be found about EV on our website here:
 
http://dii.vermont.gov/DII_Divisions/Server/email/Vault

 
 

Employee Bio - Pam Perry

In recent months our bios have focused on employees fairly new to State Government. For this and the next few bios we’ll shift our focus to long-timers in State Government. This month we are introducing Pamela (Pam) Perry from the DII/HR Team to you. Please take this opportunity to get to know a little more about Pam as she may very well be jumping aboard the retirement bus within a few years.
 
Pam has served the citizens of Vermont, working in State Government, since October 1979. Yes, thirty years is just around the corner. She currently works as a Systems Developer with the DII/HR Vision Technical Team. Pam joined the DII team during the recent Agency of Administration’s reorganization of the Department of Human Resources within DII.
 
Pam started her career at the State with the former Department of Employment and Training, now Department of Labor. She came to SIS (State Information Systems) in the early 1980’s where she became a contract applications programmer for the Tax Department. Pam and I worked closely together in 1989 and 1990 on Tax programs and again in the early 1990’s helping to build the State’s first implementation of HRMS Peoplesoft. Following 1994 when HRMS went live, Pam accompanied the system to Finance and then Human Resources. She has remained a steady, dedicated contributor to the HR system for the last fifteen years.
 
Pam attended the University of Vermont where she studied Psychology. She currently lives in Plainfield close by to the Barre Country Club. She lives with her “son”, Hobeau, a 14-year old gray tiger cat whom she has confirmed is the most handsome and affectionate tiger cat in all of feline history. She has several nieces and nephews whom she very much enjoys spending time with and works hard to preserve her status as “favorite aunt.” She enjoys an annual family vacation to Lake Groton and occasionally accompanies family on excursions to California.
 
On a personal note, here’s what Pam says about her interests: “I love to go hiking, biking, kayaking, snow-shoeing, x-c skiing and of course take breaks to eat chocolate. I am a VPR fan (favorite show is "Wait Wait Don't Tell Me"). I like to read, and belong to a ‘book club’ which reads a book each month and meets to discuss it over dinner. Pizza would be my first choice there! I am also interested in animal well-being and environmental issues. And lastly, I’ve been heating my home with wood for over 30 years!”

Pam has truly embraced the VT outdoor life with her participation in many outdoor activities. She says she is really a warm weather person at heart though and loves to vacation somewhere in the tropics during Vermont’s wet, sticky mud season. She has a couple of close, like-minded friends who share her passion for the tropics…hikes, beaches, margaritas and relaxing with a good book. Guess we know how Pam will be spending her retirement. Don’t forget to bring Hobeau along!

 

Vermont's GIS Information Consortium Publishes Annual Report

The Enterprise GIS Consortium (EGC) is a voluntary consortium of state government organizations focused on effective management of the State’s Enterprise Geographic Information System (GIS). This report documents the initiatives and accomplishments of the EGC in FY 2009.

Executive Summary 

The EGC had a dynamic and productive year, jumpstarting the State’s efforts to foster efficient and effective use of the State’s geospatial capabilities. The EGC has made significant headway in a number of critical areas, including data sharing, GIS contract services, and enterprise web mapping.
 
The EGC was chartered by the State of Vermont in August 2008, culminating a yearlong strategic planning effort managed by the Enterprise GIS Taskforce (EGT). The EGC has established a realistic and effective Enterprise GIS Strategic Plan (referred to as the Plan herein) for Vermont; a vision and a plan that supports a wide range of needs within state government. The Plan is an important part of the state’s ‘comprehensive strategy’ for the development and use of Vermont’s Geographic Information System (VGIS). The VGIS represents a broad spectrum of geospatial activities and constituencies throughout the state of Vermont, including academic, town, regional, non-profit, state, private sector, and the general public. The Plan articulates a strategic vision for the development and use of geospatial technology within state government; a critical component of the VGIS.

FY '09 Accomplishments

This section outlines specific initiatives spearheaded by the EGC in FY 2009.

 

Vermont Enterprise GIS Consortium (EGC): The EGC was successfully chartered by the State of Vermont in August 2008. A Memorandum of Understanding (MOU) was written which set forth the terms and conditions of EGC membership. Prospective EGC member organizations must be signatories to the EGC’s Memorandum of Understanding (MOU) in order to establish official membership in the consortium. The EGC was able to successfully recruit nine member organizations in FY’2009, including some of the largest agencies in the state (refer to Attachment A).  

Data Sharing: The EGC established data exchange protocols to enhance data sharing and exchange between EGC member organizations. The data exchange protocol addresses the exchange of file-based and ArcSDE datasets. It is focused on the sharing and exchange of public domain data. The data exchange protocol was successfully implemented in FY’2009. 

GIS retainer contracts: The EGC established State GIS retainer contracts for GIS products and services in FY’2009. The GIS retainer contract includes services ($150,000 maximum) to integrate, store, edit, analyze, and display geographically-referenced information in a client/server or web-based environment. As of August 2009, the retainer contract includes ten pre-approved vendors. 

Enterprise Services: The EGC successfully developed and deployed Enterprise geocoding services in FY’2009. The geocoding services allow EGC members to geocode and map address information using a central geocoding web service. The service leverages several geospatial address layers, including Vermont’s E911 data. The EGC anticipates that additional tuning will be needed to fully harness this service. 

Web Mapping: The EGC established (June 2009) a subcommittee called the Web Mapping Workgroup (WMW) to assess the web mapping needs of state government. The WMW has set out to 1) assess and document the web mapping needs of the State, 2) identify solutions that support those needs, and 3) recommend solutions that meet the State’s needs. The WMW conducted two surveys to collect information about agency web mapping needs, requirements, and plans. This information has been used to draft a web mapping “requirements, capabilities, and solutions” matrix. The matrix will help inform future web mapping investments.

Conclusion

As outlined in this report, the State’s Enterprise GIS Consortium (EGC) made significant strides in FY 2009. The EGC demonstrated that it can effectively further the goals and objectives outlined in the State Enterprise GIS Strategic Plan. It has been able to bootstrap itself into existence, and actively pursue issues pertinent to the State and its member organizations. The EGC anticipates that FY 2010 will be another effective and productive year.
  
For a full copy of the EGC Annual Report see http://www.vcgi.org/egc/EGC_AnnualReport_FY2009_final.pdf
 
For more information about the Enterprise GIS Consortium, see http://www.vcgi.org/about_vcgi/default.cfm?page=./projects/egc/default_content.cfm.

 

Go-Vermont to Launch On-line Registration and Searchable Database


Did you know about the free carpool and vanpool matching service offered through VTrans, Go Vermont (formerly known as Vermont Rideshare)?
 
The web site www.connectingcommuters.org contains the Get Started on-line registration for people to register and add to the database in a search for a carpool or vanpool, or to start one.  There will be a state-wide launch of the program through a media vendor later this fall once the full implementation of the automated service is completed.  Over the course of the past year, representatives of the program have attended many public events as well as published articles and outreach in coordination with Economic Development and the Department of Labor, all in an attempt to get the word out.