Fundamentals of Information Technology Management


What Everyone Needs to Know About How It All Works!

Approach

Fundamentals

Wednesday am

Core Mission and IT

How it Works

MSU IT Pyramid

Assignment Information Sharing

Planning, Developing, and Implementing IT Applications and Projects

Wednesday pm

Managing IT Professional

IT Wrap Up Session

Core Mission of Courts

What Do Courts Do?

How IT Supports That Mission

Core Mission and IT

“Information technology must honor due process and equal protection, independence and impartiality, and the roles that courts and other organizations in the justice system properly play” NACM

Band Leaders

Court

Court Leaders

must know information technology fundamentals and ensure that they and their technical staff stay current with how other organizations and courts are using technology successfully.

must appreciate both the capacities and the limitations of always evolving technology tools.

establish and manage expectations

must know what options exist, how technology evolves, the issues that arise with the use of technology, and how to select the most appropriate solution.


court leaders and technologists, who often work in different worlds, to have a shared understanding of the impact of technology on the court’s mission and goals.

Technology Basics

“For most of human civilization, the pace of innovation has been so slow that a generation might pass before a discovery would influence your life, culture or the conduct of nations.” Neil deGrasse Tyson

IBM PC 5150: 8088 CPU, 4.77 MHz; 64 KB RAM; green text monitor; up to 20 Meg hard drive; 50 lbs

Apple iPhone 7: quad core 2.34 GHz (Apple A10 chip); 1334-by-750 HD display, millions of colors; up to 256 gigabyte flash drive; 4.87 ounces

Acceleration in the courts?

Paper Files

Open Shelf Files

BANS BNC

Bankruptcy Courts

NIBS

BANCAP

BUMS

CM/ECF


CM/ECF NextGen

Seven Years

Services Applications

Governance

Infrastructure

IT Governance in the Federal Courts


National Conference of Bankruptcy Clerks (NCBC) – July 2017

IT Governance in the Federal Judiciary

April Wiggs, Chief of Enterprise Project Services Division, Technology Solutions Office (TSO)

“IT Projects” are often not about IT at all. They are about…

• Implementing collaboration tools
• Creating a new business process
• Supporting overall business change
• Driving IT governance

What is IT Governance?

• Responsibility
• Authority
• Communication
• Empowerment
• Fundamental framework for IT planning
• Alignment of IT strategy
• Risk mitigation and oversight

What Drives IT Governance in the Judiciary?

• Business Strategy and IT initiatives
• Principles, Policies and Frameworks
• Process and system issues
• Judicial and Regulatory compliance
• Organizational structures
• Culture, Ethics and Behaviors

IT Governance Framework

Five Areas of Focus:

1. Strategic alignment
2. Value delivery
3. Resource management
4. Risk management
5. Performance measures

Best Practices in IT Governance

• Follow the lead of your IT Steering Committee
• Develop a plan for communicating
• Monitor and regularly update accordingly
• Stay current on pending and proposed regulations
• Ensure governance support
• Align IT and top leadership to ensure success


Shaping National Policy, IT Programs and Initiatives

Advisory Councils

• Budget and Finance
• Human Resources
• Information Technology
  - 3 Judges (1 for BK)
  - 1 Circuit Executive
  - 1 Assist Circuit Exec for IT
  - 6 Clerks (3 for BK)
  - 3 Probation Chiefs
  - 1 Librarian
  - 1 Liaison Judge from JCUS IT Committee
• Space and Security

Peer Advisory Groups

Working Groups

Judicial Conference of the United States (JCUS)

AO Director

• Bankruptcy Administrators
  - 6 Members
• Bankruptcy Clerks
  - One Clerk per Circuit
  - NCBC President
• Bankruptcy Judges
  - 13 Judges per Circuit
  - 1 At-Large Judge (Recalled)
  - 1 JCBK Judge Observer
  - NCBJ President
  - NCBJ President-Elect

• BK Best Practices
• BK Clerks’ Offices Staffing Formula Dev
• BK Noticing
• Court IT Operations
• NextGen of CM/ECF
  - 2 BK Judges
  - 2 BK Law Clerks
  - 3 Clerks
  - 2 Chief Deputies
  - 1 Ops Supervisor
  - 2 IT Managers
  - 4 Project Steering

• Court Administration and Case Management
• Administration of the Bankruptcy System
• Committee on Information Technology
• Bankruptcy Rules

Resource Components of IT Governance

IT Governance Resources: IT Policies

Guide to Judiciary Policy Volume 15: Information Technology
http://jnet.ao.dcn/policy-guidance/guide-judiciary-policy/volume-15-information-technology

IT Governance Resources: IT Standards

Project Management / Judiciary IT Project Management (ITPM) Framework
http://jnet.ao.dcn/information-technology/project-management/judiciary-it-project-management-itpm-framework

Security / Judiciary Information Security Framework
http://jnet.ao.dcn/information-technology/security/framework-shp

Networks
http://jnet.ao.dcn/information-technology/networks

Hosting
http://jnet.ao.dcn/information-technology/hosting

Enterprise Architecture
http://jnet.ao.dcn/information-technology/enterprise-architecture

IT Governance Resources: IT and Facilities

Long Range Plan for IT in the Federal Judiciary (2017)
http://jnet.ao.dcn/resources/reports-and-publications/it-long-range-plan

IT Services Catalog
http://jnet.ao.dcn/information-technology/it-services-catalog

Contracts and Enterprise Agreements
http://jnet.ao.dcn/information-technology/contracts-and-enterprise-agreements

Courtroom Technology
http://jnet.ao.dcn/information-technology/courtroom-technology

Courthouse Technologies
http://jnet.ao.dcn/Facilities/Courthouse_Technology.html

IT Governance Resources: Funding

Judiciary Information Technology Fund (JITF)

• Local and National Allotments to Court Units
• Funds to AO Offices to maintain national systems

http://jnet.ao.dcn/policy-guidance/guide-judiciary-policy/volume-15-information-technology/ch-2-funding

Courtroom Technology Funding Formula
http://jnet.ao.dcn/facilities-security/facilities/courthouse-tech/courtroom-technology-funding/courtroom-technology-funding-formula

Questions & Answers


IT Anatomy 101

[Diagram: LAN, WAN, DCN, routers]

NextGen Architecture Strategy (6/29/2017)

1990s/2000s/2010s

DC CM/ECF

BK CM/ECF

NextGen Architecture Strategy

2020s

Hybrid Cloud

[Diagram: Private Cloud and Public Cloud, each with Compute, Storage, Network, and Management & Automation]

Cloud Computing Strategy and Roadmap

Hybrid Cloud, Private Cloud, Public Cloud

AO Courts Vision

Any Cloud

Any Device: Desktop, Mobile, Identity

Any Application: Traditional Apps, Cloud-Native Apps, SaaS Apps

Planning Approach

• Mission – Why we exist
• Values – What we believe in
• Vision – What we want
• Strategy – Our game plan

Goal 1: The cloud computing program must be able to provide an evolving catalog of cloud-based solutions to the judiciary.

Goal 2: The cloud computing program must spur innovation at the enterprise level.

Goal 3: The cloud computing program must support local court IT staff.

Goal 4: The cloud computing program must ensure flexibility for the judiciary’s heterogeneous environment.

Goal 5: The cloud computing program must ensure the confidentiality, integrity, and availability of judiciary data and systems.

Cyber Security

IT Security Fundamentals

Created by Steve Massing, Information Security Officer, 10th Circuit Courts
#Minion

Part 1: Security Update
Part 2: Judiciary Response
Part 3: The Scorecard
#OrCanIMakeYouFallAsleepInThreeEasySections #BarryLameThereWillBeNoCutesySlides #ThereMightBeATestAtTheEnd #JustKiddingAboutTheTest

Part 1: Security Update
#JustTheFactsPlease #AndMaybeAStoryPrettyPlease

The Heartbleed Bug
#SoundsKindaGross #ABugAnEntomologistWouldHate #NotAsCheerfulAsThisSlideImplies

A long time ago in a datacenter far away…
#NerdReference:StarWars #PatheticEffortToLeveragePopCultureAndKeepAudienceInterest #SteveShouldBeAshamed

Spring 2014: Heartbleed is Announced

A few days later… VPN Servers Susceptible

One day later… Chinese hackers begin stealing info

The next day… VPN is patched and stealing stops

Custom malware is planted on a server at a district court

Strange activity noted. Court notified. Nothing found.

More analysis is necessary

Fall 2014: Malware identified and remedies deployed

Lessons Learned

Targeted Attack

Custom malware

Bad password practices

Hackers are not stupid

But wait, there’s more…
#OhCrap

caught with our breaches down
#Groan #DidHeReallySaidThat #ShamefulAttemptAtHumor #EmbarrassedForBarryYet

[Chart: yearly values for 2007 through 2016; vertical axis from 0 to 1200]

How much does this affect the judiciary?
#GoodQuestion

396 incidents every minute

35,642 incidences during this workshop

What’s the biggest threat today?
#YetAnotherGoodQuestion #Impressed

ransomware
#2015 #BadStuff

ransomware
#2016 #ReallyBadStuff

ransomware
#2017Projected #ummmm #16xTheAmountIn2015

Part 2: Judiciary Response
#WhyIsMyITStaffSoStressed #TheyUsedToHaveHair #BarryDidToo #Here’sAPicture #WaitWhat?

#JustLikeSteveAtProm #NothingPreparedMeForThat #ThisExplainsSoMuch #WorstSeniorPromEver #Classy

things don’t look so good

The OPM Breach and Mitre Study
#WhatIsGoingOn #TheUnvarnishedTruth

JENIE Single Sign On ● 2-Factor Auth ● JIFS ● NAD ● SPLUNK Log Management ● SOC Expansion ● SSL Decryption ● KASE ● NESSUS, Cyberarc ● SDSO Training Initiatives ● International Travel Program ● Annual Self Assessment ● Scorecard

18

why?
#It’sThatBad? #Yes #Really? #Yes #Crap #Yes

1. we are slow to change and the world is moving fast

2. we have a culture that emphasizes convenience over security

4 areas

1. Improve the network
2. Improve the toolset
3. Improve staff training
4. Check our work

Part 3: The Scorecard
#HelpingYouUnderstand #BringingSustainableChangeToCourts

What is the Scorecard?

What is the IT Security Scorecard?

• One Piece of Puzzle: One part of the Judiciary’s information security strategy.
• Self Assessment: Check your own progress toward a mature information security program.
• Promotes Discussions: Assists unit executives and IT staff to work together to plan, prioritize IT investments, and understand choices.

One Piece of the Security Pie

[Diagram: pie with slices The Scorecard, Periodic Independent Assessments, Judiciary Information Security Framework, Security Tools Project, AO Network and Security Resources, Circuit-Based Security Staffing, Security Training]

✓ Judiciary Information Security Framework and Other Resources
✓ AO Network and Security Resources: SSL Decryption, JFS, ITSO, SOC, AOTO, 2-Factor Auth
✓ Circuit-Based Security Staffing: Circuit ISO, Security Contractors
✓ Security Training
✓ Security Tools Project: Designed to provide a full featured common toolset to meet modern information security requirements
✓ Periodic Independent Assessments (Every 4 or 5 years): Designed to validate a court’s security
✓ Scorecard (Every year): Self assessment

Where Do The Scorecard Items Come From?

[Diagram: Security Maturity, with WHERE WE ARE RIGHT NOW, THE GAP, and WHERE WE ARE HEADING]

Where We Are Right Now

[Diagram: 7 Years of Security Assessments; CISO Survey of Court Security Practices; Discussions with Stakeholders (CISO, ITSO, ACEs & SM’s); SOC Alerts & Reports]

How was our current security maturity determined? YOU told us.

• Discussions with stakeholders: CISOs, ITSO, the ACEs and System Managers
• Collective results of 7 years’ worth of Security Assessments
• CISO Survey of court units on their security practices
• SOC alerts and AO Reports

Where We Are Heading

[Diagram: Industry Best Practices, NIST, CIS Top 20, The Guide, Judiciary Information Security Framework, ISO Standards]

Our Goal

• Industry standard best practices in information security
• CIS Top 20 Critical Controls
• NIST (National Institute of Standards and Technology)
• ISO (International Organization for Standardization)
• JISF (Judiciary Information Security Framework)
• The Guide

The Gap?

CISOs looked at the GAP. Items selected were…

• Fundamental: Considered essential by the entire industry.
• Foundational: The foundations of a full spectrum IT security program.
• Address Demonstrated Gaps: Not being done consistently by court units across the entire judiciary.
• Effective: Shown to be effective at reducing risk to the enterprise.
• Measurable: Are measurable and demonstrated to be effective.
• Not Everything That Needs to be Done: This is not everything we can or need to do.

Where The Scorecard Fits In?

[Diagram: Security Maturity, with WHERE WE ARE RIGHT NOW, THE GAP, and WHERE WE ARE HEADING; THE SCORECARD]

How will the Scorecard Help my Court Unit?

• Understanding: Provides a baseline secure posture that enables judiciary units to understand how effective their own security program is.
• Plan and Implement: Identifies areas that need future investments and assists unit executives, system managers, and other stakeholders with prioritizing IT investments.
• Improves Security of the Judiciary: By elevating your own security posture, you help protect the ENTIRE judiciary.

What Areas are Currently Covered?

Identify
• System/Software Inventory and Data Identification
• Required Policy
• Privileged Account Access

Protect
• Password Security
• Web-based Threat Protection
• Security Training
• Physical Security
• Patch Management

Detect
• Log Management
• Anti-Malware Protection
• Perimeter Protection

Respond
• Incident Response

Recover
• Data Resiliency

Questions?

We need your help
#Me? #OhCrap!

Fundamentals

Core Mission and IT

How it Works

MSU IT Pyramid

Assignment for the Information Sharing

Information Sharing

Assignment

Visit three technology related booths at Info Sharing.

Obtain the following information:

What does the application/technology provide the user? In other words, what is it?

How did they gather customer requirements/needs in developing the product?

How do they provide training/support for the product?