December 2013

In This Issue

  • Conference Save The Date
  • The "Spotlight"
  • Emerging IT Leader Summit
  • CJIS Update

"If your actions inspire others to dream more, learn more, do more and become more, you are a leader. "
-John Quincy Adams 


News Feed Provides Easy Access to Tech News

The TAGITM home page has several technology news feeds on the latest in technology news. Visit www.tagitm.org to find the latest technology stories to help stay current with breaking stories. If you know of a great news feed we can incorporate into the website, please let us know by emailing website@tagitm.org.


 

 

Conference Save The Date

TAGITM – Keep IT Wired is the theme for this year’s TAGITM Annual Conference which will be held on April 28-May 1, 2014! The conference will be hosted at the Austin Sheraton at the Capitol and exciting plans are underway for excellent presentations, informative panels, and fun networking events.

Please participate in the TAGITM education survey so that you can help shape the topics for the education sessions that will be presented at the annual conference. The Call for Papers will open the week of December 16. Sponsorship and Exhibit opportunities will be available in late December and registration will open in early February so mark your calendars now and plan to attend this year’s Annual Conference in Austin! 


Organization in The Spotlight


Organization Name:
Wood County TX

Number of IT Workers in the Organization: 2


Significant Technology Achievements: 
Public access to most public records via internet, digital imaging and preservation of old deed records, replacement and upgrades of telephone systems across all county offices, replacement of outdated courts and justice software


Plans for Future Technology Initiatives: 
VDI / Mobile computing for users in various offices, courts, and other departments.


Most Challenging Project: 
Courts and Justice Software upgrade (still underway) – Project requires a lot of time from IT staff to review source data and make corrections to source data as needed or specified by software vendor. New software also requires updated hardware and client software on user PCs. This has required the IT department to dedicate a large amount of time (during and after hours) to not only perform the daily operations of the IT department, but to also manage and oversee the software conversion and hardware upgrades as needed.


Most Rewarding Project:
Phone system upgrades – We have replaced all outdated phone systems in Wood County offices with VoIP and have started the process of conversion to SIP. In our county, several offices were long distance due to the different TELCOs in our county and long distance bills between offices were expensive. With our new system we have tied all offices together, allowing for direct dialing via the VoIP. After the SIP conversion is completed next year, we estimate that Wood County will save over $2000 per month in telecommunications costs alone. This created a savings of $72,000 over the next three years - for a small county that is a significant amount of money.


What is Most Valuable About Being a TAGITM Member:
Networking and Experience. Within the TAGITM community, we have many years of experience and knowledge that we all share with each other. We learn from each other and learn the do’s and don’ts and the best practices.


Emerging Leader IT Summit

Again this year, TAGITM partnered with the Texas Association of State Systems for Computing and Communication (TASSCC) to co-host the 2013 TASSCC/TAGITM joint IT Leadership Summit. The Summit was held at the beautiful Westin La Cantera Resort in San Antonio, Texas on October 28-29, 2013 and was focused on developing "Emerging IT Leaders”.

Dr. Barry Bales, Assistant Dean for Professional Development at the Lyndon B. Johnson School of Public Affairs, The University of Texas at Austin led the Summit.

Keynote speakers included Chris Germann, Gartner Regional Vice President, and Brad Rable, Gartner Executive Partner, who challenged participants to think and act strategically.

The summit also included the opportunity for participants to develop and "sell” an IT Project proposal to a panel of seasoned CIOs. This hands on exercise provided real world practical experience in a learning environment. Thank you to all of the emerging leaders who participated in this successful event!


CJIS Update

The following article highlights and summarizes changes to CJIS 5.2 that are especially important for IT managers to note.

Information Exchange Agreements (5.1.1, 5.1.1.3, 5.1.1.6, 5.1.1.7, 5.1.1.8, 5.1.2, 5.1.4)
Several clarifications involving whom should be involved with signing agreements and policies prior to the dissemination or access of CJIS data.

Security Awareness Training (5.2.1.1, 5.2.1.2)
These new sections clarify physical security risks and how to prevent physical equipment and data loss; defining individual accountability access control issues; accessing CJIS on personally owned equipment; the use of encryption and transmission of sensitive/confidential information over the internet. There is much guidance for protection by addressing agency policy and procedures with acknowledgement statements. Clarification on desktop security is addressed such as shoulder surfing and other ways to restrict viewers view of screen information.

Auditing and Accountability (5.4.6)
A shall statement was added that agencies shall retain audit records for at least one year.

Access Control (5.5.6.1, 5.5.7.3.1, 5.5.7.3.3)
BYOD and employee owned devices for accessing of CJIS data over cellular networks is addressed in detail. Mobile Device Management (MDM) is a suggested management utility for firewall and anti-virus services with the specific minimum MDM requirements of remote locking and wiping of the device, setting and locking device configuration, detection of rooted and/or jail broken devices and the ability to enforce folder and/or disk level encryption.

Identification and Authentication (5.6.2.1.1)
Agencies shall not allow the same authenticator to be used multiple times on a device or system. Authentication multiple factors in shall be unique.

Physical Protection (5.9.1, 5.9.1.8)
A police vehicle shall be considered a physically secure location until September 30th, 2014. Note: Alan Ferretti, CJIS ISO for the Texas Department Public Safety on June 20, 2013, did announce that the FBI would be removing the date requirement, and in CJIS 5.3, the clarification will be added. He did also state that his auditors were auditing this allowance this year.

A physically secure location is a facility, a police vehicle or an area, a room, or a group of rooms within a facility with both the physical and personnel security controls sufficient to protect CJIS and associated information systems. The physically secure location is subject to criminal justice agency management control; SIB control; FBI CJIS Security addendum; or a combination thereof. For the purposes of this policy, a police vehicle is defined as an enclosed criminal justice conveyance with the capability to comply, during operational periods, with section 5.9.1.3.

Systems and Communications Protection and Information Integrity (5.10.1.5, 5.10.4.1, 5.10.4.3)
Restrictions were defined in Cloud Computing use for example, metadata from CJIS shall not be used by a Cloud Provider and the provider shall be prohibited from scanning any email or data files for analytics building, data mining, advertising, etc. Additionally, they are requiring software developers/vendors to develop policy to ensure timely installation of newly released security relevant to patches, service packs and hot fixes. This will put pressure on agencies still using Windows XP to replace it in order to meet this requirement. Additionally, agencies shall employ spyware protection at workstations, servers and mobile computing devices on the network.

For more information, the entire 186 page 5.2 policy document and the transitions and updates document can be found here.




Texas Association of Governmental Information Technology Managers
P. O. Box 200363, Austin, Texas 78720