Quarterly Agency CIO/IT Manager Meeting - PowerPoint PPT Presentation

Slides: 49
Provided by: nancybe8

Transcript and Presenter's Notes

1
Quarterly Agency CIO/IT Manager Meeting
Office for Information Technology July 14, 2006
2
Agenda
  • General updates by Kristen Miller, CIO
  • Keystone Plan priorities by Kristen Miller, CIO
  • Business Reference Model by Pennsylvania
    Management Associate (PMA) project team
  • Business Solutions Center of Excellence (BSCoE)
    by Dennis Dombrowski
  • Security update by Robert L. Maley, CISO
  • .NET Executive Overview by Microsoft
  • Open questions/issues

3
General updates
  • Community of Practice (CoP) process
  • IT Recruitment Committee
  • ITA update
  • Legislative Update
  • Microsoft

4
FY 07-08 CoP Timeline
5
FY 07-08 CoP Timeline - continued
6
OIT Priorities
  • Telecommunications Network
  • Complete VOIP Wireless Pilots and Deployment
    plans, policies and procedures
  • Assessing Multi-protocol Label Switching and
    Internet Protocol v6.
  • Implement Telecommunications Governance Board
  • Security
  • Telecommunications
  • Shared Services
  • PowerPort Redesign
  • Human Resource IT Initiatives

7
OIT Priorities
  • Shared Services
  • Infrastructure SS
  • Enterprise Help Desk
  • Seat Management Strategy
  • TAR - Technical Architecture Review board
  • Enterprise Processing Facilities
  • Applications SS
  • Expansion of BSCoE
  • Business Process Review framework



8
OIT Priorities
  • PowerPort Redesign
  • Strategy for Commonwealth-wide redesign
  • Built on AquaLogic Platform
  • Common Look and Feel / Branding

9
OIT Priorities
  • Human Resource IT Initiatives
  • Civil Service IT Committee
  • Recruitment, Internships, Testing Process
  • IT Classification and Pay Study

10
Business Reference Model: Creating an Application
Portfolio for Commonwealth Citizen Services
By Pennsylvania Management Associates
(PMA) Anthony Laratonda, Joseph Mangarella and
Lori Ann Jenkins
11
Goals and Objectives
  • Extend Business Reference Model (BRM) from
    theoretical model to one containing software
    applications
  • Attach applications to Lines of Business and Sub
    Functions
  • Develop comprehensive portfolio of citizen-based
    software applications

12
Methodology
  • Met with 2004-2005 PMA team
  • Defined specific data elements to be recorded
  • Developed DB with data elements
  • Analyzed secondary data, mapped applications
  • Collected primary data from agencies
  • Populated catalog, Visio documentation

13
Data Analysis and Modeling
  • At the time of analysis
  • 24 of the 27 Lines of Business represented
  • Total of 547 software applications reported
  • Almost ½ (49.18%) categorized in 3 of the 24
    lines of business.
  • 6 diagrams created

14
Conclusions
  • The Business Reference Model (BRM)
  • Reduces time involved identifying software
    applications
  • Eliminates steps taken when searching for
    appropriate software packages
  • Presents applications that, after modifications,
    function as suitable solutions
  • Pilot study should be conducted to further test
    effectiveness of the BRM

15
Business Solutions Center of Excellence (BSCoE)
By Dennis Dombrowski
16
Presentation Overview
  • BSCoE and You
  • Vision and Goals
  • Stakeholders and Approach
  • BSCoE Assets and Services
  • BSCoE Supported Initiatives

17
What BSCoE Is Not
18
BSCoE and You
Agencies use Enterprise Portal for collaboration,
integration, content management, and search.
BSCoE, Enterprise Portal, and Agency Integration
Layer
Agency Java and .NET Applications
BSCoE Application Enablement
19
BSCoE Vision
  • Business Solutions Center of Excellence (BSCoE)
    is an initiative to provide best-of-breed
    guidance for custom software application
    development.
  • BSCoE consists of
  • Standards and Plans
  • Software Development Assets like the BSCoE.NET
    Framework
  • Software Process Assets like the BSCoE Software
    Engineering Process (BSCoE SEP)
  • Repository to house the above assets
  • Technical environment and demonstration
    capabilities
  • Team to support BSCoE and provide coaching and
    mentoring services
  • BSCoE makes these assets, along with standardized
    processes, tools, guidance, and coaching,
    available to the Commonwealth's Agencies.

20
BSCoE Goals
  • Improve efficiency and reduce cost
  • Promote collaboration across Agencies and Teams
  • Establish consistent and continuously improving
    IT processes
  • Promote reuse of shared common applications and
    components
  • Leverage existing application investments
  • Continuously improve in-house skills and
    capabilities
  • Help agencies develop high quality solutions

21
Key BSCoE Stakeholders
22
BSCoE Assets and Services
  • Existing
  • BSCoE Information Portal (BIP)
  • BSCoE.NET Framework (for .NET 1.1 and 2.0)
  • BSCoE Software Engineering Process (BSCoE SEP)
  • BSCoE Quality Assurance Application (QA App)
  • Mentoring/Coaching
  • Supported / In Progress
  • BEA Aqualogic (formerly Plumtree) support
  • Java Application Development Framework (BSCoE4J)
  • Local Center of Excellence (CoE) Establishment
  • Centralized asset repository
  • .NET Domain Object Framework

23
BSCoE Information Portal (BIP)
  • www.bscoe.state.pa.us
  • Available on both the intranet and the Internet
  • First Commonwealth production site to use the new
    portal platform BEA AquaLogic

24
BIP Information Library
25
BSCoE.NET Framework
26
BSCoE's Software Engineering Process (SEP)
  • Why use the SEP
  • Easy to understand and use
  • Vendor independent / tool agnostic
  • Customizable
  • Aligns with other Commonwealth processes
  • What the SEP does not explicitly cover
  • Project management
  • Operations

27
BSCoE SEP Disciplines and Artifacts
28
BSCoE SEP in 2 Clicks
29
BSCoE QA Application: Success Through
Collaboration
  • Built a quality assurance application to use
    BSCoE assets in an Agency-specific business
    context. Application included the following user
    interfaces:
  • Browser-based UI (ASP.NET)
  • Web Services (WS-I)
  • AquaLogic portlets
  • Worked through 6 iterations of development with
    Agency involvement using a variety of agile
    techniques such as test-driven development,
    continuous integration, and time-boxed iterations
  • Employed all 7 BSCoE.NET application blocks, all
    29 BSCoE SEP assets, available in both VB.NET and
    C# for .NET 1.1 and 2.0, and consumes Web
    services through Plumtree portlets
  • Providing mentoring and lab sessions to give
    Agency development staff hands-on experience with
    BSCoE tools and techniques

30
BSCoE Assets and Services
  • Existing
  • BSCoE Information Portal (BIP)
  • BSCoE.NET Framework (for .NET 1.1 and 2.0)
  • BSCoE Software Engineering Process (BSCoE SEP)
  • BSCoE Quality Assurance Application (QA App)
  • Mentoring/Coaching
  • Supported / In Progress
  • BEA Aqualogic (formerly Plumtree) support
  • Java Application Development Framework (BSCoE4J)
  • Local Center of Excellence (CoE) Establishment
  • Centralized asset repository
  • .NET Domain Object Framework

31
QA Application in BEA Aqualogic
Map from BGT Web service
Case data from BSCoE QA App Web services
Case calendar portlet
Documents crawled from file repository
32
BSCoE Framework Vision: Functional Parity
Between Java and .NET Frameworks
Working with PennDOT projects to
establish Java Framework
33
Federated Model: Local CoEs
  • Federated operational model with local Agency
    centers of excellence
  • Software support using federated asset management
    tools

34
Centralized Asset and Metadata Management
35
Local CoE Update - DLI
  • DLI CoE team is continuing to work on the
    internal project (BORG) currently in the
    elaboration phase.
  • Completed two construction phase mentoring
    sessions for the DLI local CoE team.
  • Established a BIP community for DLI CoE that has
    information about the local CoE as well as links
    to a DLI repository of assets
  • Focus of BSCoE team will be on LogicLibrary
    enablement for CoEs starting July

36
Local CoE Update - PennDOT
  • BSCoE4J, the Java framework, is packaged and
    available for use
  • Establishment of usage blueprints has been
    completed; it addresses four industry standard
    deployments (EJB-local, EJB-remote, no-EJB, and
    lightweight container)
  • Developed the process to govern changes to BSCoE
    assets. Three asset types are defined:
    BSCoE-supported assets, assets with local CoE
    support, and contributions
  • Focus of BSCoE team is on enabling LogicLibrary
    and guiding the PennDOT use of BSCoE4J in the
    .Centric project

37
BSCoE Going Forward: Expanding Asset Utilization
38
BSCoE plans for FY07
39
FY07 Deliverables and Timeline
40
BSCoE In The News
  • BSCoE awarded Computerworld Honors Laureate and
    competed for a finalist spot in Washington D.C.
    in June
  • BSCoE submitting case study for NASCIO evaluation

41
For More Information
  • BSCoE Information Portal (BIP) Internet and
    intranet
  • http://www.bscoe.state.pa.us
  • BSCoE Resource Account
  • ra-bscoe_at_state.pa.us

42
Security Update
By Robert L. Maley, Chief Security Officer
43
Pennsylvania Information Sharing and Analysis
Center (PA-ISAC)
  • Secure Portal pilot underway in conjunction with
    Department of Homeland Security
  • Open to Agency Information Security Officers
  • 2nd Monthly Cyber Security Tips Newsletter
    published
  • 141 resource files in the library
  • Policies, alerts, newsletters, security best
    practices, videos

44
Initiatives
  • Commonwealth-wide Security Awareness training
  • Vulnerability Scanning
  • Penetration Testing
  • Enterprise Technology Security Council
  • Cyber Security Awareness Month: October 2006
  • Proclamation, Calendars, Webcasts, Posters,
    Public Service Announcements
  • CISSP Training DVDs made available to agency
    ISOs
  • 4th CISO Roundtable will be held in September

45
When Thumbs Attack
  • 7 July 2006 - Request received to send out a
    Commonwealth-wide alert about attacks against
    governmental agencies using thumb drives
  • 23 June 2006 - Department of Homeland Security
    Daily Open Source Infrastructure reports that
    there is a new Trojan attacking governmental and
    political networks.
  • 21 June 2006 - WTAE-TV reports that "Several
    political groups in the country have begun an
    assault of governmental and other political
    groups' computer systems and networks"
  • 21 June 2006 - Butler City Police issue a news
    release warning of possible attacks against
    governmental and other political groups' computer
    systems and networks
  • 20 June 2006 - A mid-western corporate security
    consultant posts the following to a digital crime
    news-list in response to another post: "Just so
    you're aware, there are 'bad guys' penetrating
    networks using USB flash drives to
    surreptitiously load Trojan horse software"
  • 19 June 2006 - The original post to the news-list
    by a security person at a southern state's
    Department of Health read: "I need to run a test
    on (try to crack) the password on a Kingston
    DataTraveler 'Elite - Privacy Edition' USB thumb
    drive. 2 GB if that makes a difference. Can
    anyone recommend any tools to try?"
  • 7 June 2006 - An article entitled "Social
    Engineering, the USB Way" is posted to a
    security practitioner web site.

46
What Went Wrong
  • The newsgroup poster, while trying to be
    helpful, assumed that everyone knew that "bad
    guys" were penetration testers
  • The police captain, wanting to keep agencies in
    his area safe, issued an official news release
    based on uncorroborated information from a
    safe newsgroup.
  • The TV station reporter accepted the official
    police news release at face value and didn't
    check the facts
  • Department of Homeland Security reported the
    incident as real without any corroborating
    reports.

47
.NET Executive Overview
Microsoft
48
Open Questions and Issues
Thank you very much and we are adjourned