Fundamentals of Information Technology Management
Transcript of Fundamentals of Information Technology Management
Fundamentals
Wednesday am
Core Mission and IT How it Works
MSU IT Pyramid Assignment Information Sharing
Planning, Developing, and Implementing IT Applications and Projects
Wednesday pm
Managing IT Professional
IT Wrap Up Session
Core Mission and IT
“Information technology must honor due process and equal protection, independence and impartiality, and the roles that courts and other organizations in the justice system properly play” NACM
Court Leaders
must know information technology fundamentals and ensure that they and their technical staff stay current with how other organizations and courts are using technology successfully.
must appreciate both the capacities and the limitations of always evolving technology tools.
establish and manage expectations
must know what options exist, how technology evolves, the issues that arise with the use of technology, and how to select the most appropriate solution.
court leaders and technologists, who often work in different worlds, to have a shared understanding of the impact of technology on the court’s mission and goals.
“For most of human civilization, the pace of innovation has been so slow that a generation might pass before a discovery would influence your life, culture or the conduct of nations.”
Neil deGrasse Tyson
IBM PC 5150
• 8088 CPU 4.77 MHZ
• 64 KB RAM
• Green Text Monitor
• Up to 20 Meg Hard Drive
• 50 LBS
Apple iPhone 7
• Quad Core 2.34 GHZ (Apple A10 Chip)
• 1334-by-750 HD Display
• Millions of Colors
• Up to 256 Gigabyte Flash Drive
• 4.87 Ounces
National Conference of Bankruptcy Clerks (NCBC) – July 2017
IT Governance in the Federal Judiciary
April Wiggs, Chief of Enterprise Project Services Division, Technology Solutions Office (TSO)
“IT Projects” are often not about IT at all. They are about…
• Implementing collaboration tools
• Creating a new business process
• Supporting overall business change
• Driving IT governance
What is IT Governance?
• Responsibility
• Authority
• Communication
• Empowerment
• Fundamental framework for IT planning
• Alignment of IT strategy
• Risk mitigation and oversight
What Drives IT Governance in the Judiciary?
• Business Strategy and IT initiatives
• Principles, Policies and Frameworks
• Process and system issues
• Judicial and Regulatory compliance
• Organizational structures
• Culture, Ethics and Behaviors
IT Governance Framework
Five Areas of Focus:
1. Strategic alignment
2. Value delivery
3. Resource management
4. Risk management
5. Performance measures
Best Practices in IT Governance
• Follow the lead of your IT steering Committee
• Develop a plan for communicating
• Monitor and regularly update accordingly
• Stay current on pending and proposed regulations
• Ensure governance support
• Align IT and top leadership to ensure success
Shaping National Policy, IT Programs and Initiatives
Advisory Councils
• Budget and Finance
• Human Resources
• Information Technology
  - 3 Judges (1 for BK)
  - 1 Circuit Executive
  - 1 Assist Circuit Exec for IT
  - 6 Clerks (3 for BK)
  - 3 Probation Chiefs
  - 1 Librarian
  - 1 Liaison Judge from JCUS IT Committee
• Space and Security
Peer Advisory Groups
Working Groups
Judicial Conference of the United States (JCUS)
AO Director

• Bankruptcy Administrators
  - 6 Members
• Bankruptcy Clerks
  - One Clerk per Circuit
  - NCBC President
• Bankruptcy Judges
  - 13 Judges per Circuit
  - 1 At-Large Judge (Recalled)
  - 1 JCBK Judge Observer
  - NCBJ President
  - NCBJ President-Elect

• BK Best Practices
• BK Clerks’ Offices Staffing Formula Dev
• BK Noticing
• Court IT Operations
• Next Gen of CM/ECF
  - 2 BK Judges
  - 2 BK Law Clerks
  - 3 Clerks
  - 2 Chief Deputies
  - 1 Ops Supervisor
  - 2 IT Managers
  - 4 Project Steering

• Court Administration and Case Management
• Administration of the Bankruptcy System
• Committee on Information Technology
• Bankruptcy Rules
IT Governance Resources: IT Policies
Guide to Judiciary Policy Volume 15: Information Technology
http://jnet.ao.dcn/policy-guidance/guide-judiciary-policy/volume-15-information-technology
IT Governance Resources: IT Standards
Project Management / Judiciary IT Project Management (ITPM) Framework
http://jnet.ao.dcn/information-technology/project-management/judiciary-it-project-management-itpm-framework
Security / Judiciary Information Security Framework
http://jnet.ao.dcn/information-technology/security/framework-shp
Networks
http://jnet.ao.dcn/information-technology/networks
Hosting
http://jnet.ao.dcn/information-technology/hosting
Enterprise Architecture
http://jnet.ao.dcn/information-technology/enterprise-architecture
IT Governance Resources: IT and Facilities
Long Range Plan for IT in the Federal Judiciary (2017)
http://jnet.ao.dcn/resources/reports-and-publications/it-long-range-plan
IT Services Catalog
http://jnet.ao.dcn/information-technology/it-services-catalog
Contracts and Enterprise Agreements
http://jnet.ao.dcn/information-technology/contracts-and-enterprise-agreements
Courtroom Technology
http://jnet.ao.dcn/information-technology/courtroom-technology
Courthouse Technologies
http://jnet.ao.dcn/Facilities/Courthouse_Technology.html
IT Governance Resources: Funding
Judiciary Information Technology Fund (JITF)
• Local and National Allotments to Court Units
• Funds to AO Offices to maintain national systems
http://jnet.ao.dcn/policy-guidance/guide-judiciary-policy/volume-15-information-technology/ch-2-funding
Courtroom Technology Funding Formula
http://jnet.ao.dcn/facilities-security/facilities/courthouse-tech/courtroom-technology-funding/courtroom-technology-funding-formula
Cloud Computing Strategy and Roadmap
[Figure: Hybrid Cloud, Private Cloud, Public Cloud; components shown for each: Compute, Storage, Network, Management & Automation]
AO Courts Vision
[Figure: Any Cloud (Hybrid Cloud, Private Cloud, Public Cloud); Any Device (Desktop, Mobile, Identity); Any Application (Traditional Apps, Cloud-Native Apps, SaaS Apps)]
Planning Approach
• Mission – Why we exist
• Values – What we believe in
• Vision – What we want
• Strategy – Our game plan
Goal 1: The cloud computing program must be able to provide an evolving catalog of cloud-based solutions to the judiciary.
Goal 2: The cloud computing program must spur innovation at the enterprise level.
Goal 3: The cloud computing program must support local court IT staff.
Goal 4: The cloud computing program must ensure flexibility for the judiciary’s heterogeneous environment.
Goal 5: The cloud computing program must ensure the confidentiality, integrity, and availability of judiciary data and systems.
IT Security Fundamentals
Created by Steve Massing, Information Security Officer, 10th Circuit Courts
#Minion
Part 1: Security Update
Part 2: Judiciary Response
Part 3: The Scorecard
#OrCanIMakeYouFallAsleepInThreeEasySections #BarryLameThereWillBeNoCutesySlides #ThereMightBeATestAtTheEnd #JustKiddingAboutTheTest
A long time ago in a datacenter far away…
#NerdReference:StarWars #PatheticEffortToLeveragePopCultureAndKeepAudienceInterest #SteveShouldBeAshamed
[Chart: yearly values for 2007 through 2016; vertical axis from 0 to 1200]
caught with our breaches down
#Groan #DidHeReallySaidThat #ShamefulAttemptAtHumor #EmbarrassedForBarryyet
Part 2: Judiciary Response
#WhyIsMyITStaffSoStressed #TheyUsedToHaveHair #BarryDidToo #Here’sAPicture #WaitWhat?
#JustLikeSteveAtProm #NothingPreparedMeForThat #ThisExplainsSoMuch #WorstSeniorPromEver #Classy
things don’t look so good
• JENIE Single Sign On
• 2-Factor Auth
• JIFS
• NAD
• SPLUNK Log Management
• SOC Expansion
• SSL Decryption
• KASE
• NESSUS, CyberArk
• SDSO Training Initiatives
• International Travel Program
• Annual Self Assessment
• Scorecard
What is the IT Security Scorecard?
• One Piece of Puzzle: One part of the Judiciary’s information security strategy.
• Self Assessment: Check your own progress toward a mature information security program.
• Promotes Discussions: Assists unit executives and IT staff to work together to plan, prioritize IT investments, and understand choices.
One Piece of the Security Pie
• The Scorecard
• Periodic Independent Assessments
• Judiciary Information Security Framework
• Security Tools Project
• AO Network and Security Resources
• Circuit-Based Security Staffing
• Security Training
• Judiciary Information Security Framework and Other Resources
• AO Network and Security Resources: SSL Decryption, JFS, ITSO, SOC, AOTO, 2-Factor Auth
• Circuit-Based Security Staffing: Circuit ISO, Security Contractors
• Security Training
• Security Tools Project: Designed to provide a full featured common toolset to meet modern information security requirements
• Periodic Independent Assessments (Every 4 or 5 years): Designed to validate a court’s security
• Scorecard (Every year): Self assessment
Where We Are Right Now
[Diagram labels: 7 Years of Security Assessments; CISO Survey of Court Security Practices; Discussions with Stakeholders (CISO, ITSO, ACEs & SM’s); SOC Alerts & Reports]
How was our current security maturity determined? YOU told us.
• Discussions with stakeholders: CISOs, ITSO, the ACEs and System Managers
• Collective results of 7 years’ worth of Security Assessments
• CISO Survey of court units on their security practices
• SOC alerts and AO Reports
Where We Are Heading
[Diagram labels: Industry Best Practices; NIST; CIS Top 20; The Guide; Judiciary Information Security Framework; ISO Standards]
Our Goal
• Industry standard best practices in information security
• CIS Top 20 Critical Controls
• NIST (National Institute of Standards and Technology)
• ISO (International Organization for Standardization)
• JISF (Judiciary Information Security Framework)
• The Guide
The Gap?
CISOs looked at the GAP. Items selected were…
• Fundamental: Considered essential by the entire industry.
• Foundational: The foundations of a full spectrum IT security program.
• Address Demonstrated Gaps: Not being done consistently by court units across the entire judiciary.
• Effective: Shown to be effective at reducing risk to the enterprise.
• Measurable: Are measurable and demonstrated to be effective.
• Not Everything That Needs to be Done: This is not everything we can or need to do.
Where The Scorecard Fits In?
[Diagram: Security Maturity. Labels: Where We Are Right Now, Where We Are Heading, The Gap, The Scorecard]
How will the Scorecard Help my Court Unit?
• Understanding: Provides a baseline secure posture that enables judiciary units to understand how effective their own security program is.
• Plan and Implement: Identifies areas that need future investments and assists unit executives, system managers, and other stakeholders with prioritizing IT investments.
• Improves Security of the Judiciary: By elevating your own security posture, you help protect the ENTIRE judiciary.
What Areas are Currently Covered?
Identify
• System/Software Inventory and Data Identification
• Required Policy
• Privileged Account Access
Protect
• Password Security
• Web-based Threat Protection
• Security Training
• Physical Security
• Patch Management
Detect
• Log Management
• Anti-Malware Protection
• Perimeter Protection
Respond
• Incident Response
Recover
• Data Resiliency
Information Sharing
Assignment
Visit three technology related booths at Info Sharing.
Obtain the following information:
What does the application/technology provide the user? In other words, what is it?
How did they gather customer requirements/needs in developing the product?
How do they provide training/support for the product?