ITCC December 14, 2016 – Room 438 - ITD
Agenda 1:00 Update on EA Activity Jeff Quast 1:15 Update on ITD Activity Gary Vetter 1:30 Update on Agency Activities Jeff Quast 1:45 Assurance NM Update Dawn Moen 2:00 Governor Transition and CIO Dan Sipes 2:15 External Email Warning Banner Sean Wiese 2:30 SLAs Gary Vetter • Email • Active Directory • Office 365 2:45 Cybersecurity Task Force Report Sean Wiese 2:55 Future Agenda Items 2
EA Activity Architecture Teams Recaps • Security Architecture, Data Architecture, and Technology Architecture meetings were cancelled….because 3
EA Activity Application Architecture • Reviewed waiver from ITD for the Web Development Standard to not use the NDGOV banner for the GIS Data Hub • Recommending approval of the waiver on condition that the banner be added when/if the vendor supports it • Combined with domain name requirements, stands as an example of a changing application hosting environment • Continued discussion about the scope and role of the Application Architecture team • Team agreed to continue until further clarification of it’s role is realized • Still a need for integration points and business analysis • May have a role to play in maturing the procurement process and requirements gathering process in a new cloud and SaaS environment • A need was identified for all EA teams to share information and current initiatives 4
ITD Activity • Brown Bag Lunch – Review • Frans Johansson – CEO of The Medici Group - “How to Break Out of the Pack” • Pioneer Email Upgrade • Server and Disk Rate Reductions • Capital Switches – Backup Power • LuAnn Baker is the new Service Desk Manager at ITD • MFA Soft Tokens may no longer be an option (ITD and DHS for now) • ITD is piloting a next gen end point protection • NASCIO Top 10 Priorities for 2017 5
Agency Activity • Attorney General’s Office is preparing to go live with a new web site, Developed by ITD in Drupal • DOT will be going live next week with 3 new vehicle registration Kiosks in Bismarck • BND has successfully locked down USB devices and would be happy to share the process with other agencies • BND has done a table top exercise to address a severe weather event/closure • DOT is working with Waze to update Google maps to reflect things like the bridge closure on Highway 1806 • MS has announced that Office 2013 for Office 365 users will be supported until April 2018 • The Tax Dept. has enhanced their web presence to be mobile friendly 6
Assurance NM Follow Up from last month… 7
Governor Transition and CIO • Governor Elect Burgum officially takes office tomorrow, 12/15/2016 • Mike Ressler is retiring 12/31/2016 8
External Email Warning Banner 9
Email SLA • Messages from external sources are tagged with a warning. (Recipient is notified to proceed with caution.) • By default, Microsoft Exchange mailboxes are configured to: www.nd.gov/itd/services/email 10
Active Directory SLA • Active Directory and the data it contains shall not be leveraged in ways that create shadow systems (alternative solutions) to the State’s implementation of PeopleSoft/Oracle without prior approval from OMB. www.nd.gov/itd/services/microsoft-active-directory 11
Office 365 SLA Service Level Agreement Single Tenant Configuration The State of North Dakota operates as a single tenant for the ND.gov domain within Office 365. As such, certain management and configuration decisions apply to everyone and cannot be customized for individual agencies. • OneDrive is configured so that content can only be shared with other people within the ND.gov domain. No external users can be granted permission to OneDrive content. • OneDrive is configured so that content can only be synchronized locally with Windows devices that are joined to the ND.gov domain. OneDrive content cannot be synchronized onto personal computers. • ITD provisions the initial OU-level synchronization with Office 365 for agencies. Agencies are delegated the ability to manage licenses via Active Directory groups. • Microsoft allows Office 365 to be licensed on up to 5 concurrent devices. End-users are responsible for managing and deactivating licenses via the Office 365 portal. • Agencies are required to populate the Active Directory “Manager” field for each end -user so that proper notification occurs upon account removal. Otherwise, files may be lost within 30 days. • OneDrive retains 25 published major versions and 512 minor versions of files. www.nd.gov/itd/services/office-365 12
Cybersecurity Task Force • Report was delivered to the current governor • We are waiting to see what the new governor would like to do with the report and subsequently with the task force • As a reminder, the task force was asked to focus on five primary goals and objectives: • Raise executive level awareness • Discuss state government cybersecurity governance model • Discuss cyber incident response strategies • Share best practices / review network defense strategies and tools • Recommend new policies for mitigating future cyber-attacks 13
Cybersecurity Task Force • The final report had 10 recommendations • We are moving on of them, many of which were already actively being working on: • Cybersecurity Roles and Responsibilities • Common Security and Risk Assessment Program • Common Risk Ranking Methodology for the Application Inventory • Cybersecurity Monitoring Growth • Cyber-Incident Response Guide Growth • Phishing Awareness Program 14
Future Agenda Items • Revisit standards discussed in November • Discuss a possible EA 2.1 • Possible agency demo of a BI Executive Dashboard 15
Recommend
More recommend
