Home    |    Site Map    |    Privacy    |    Contact Us    |    RSSSubscribe
aboutNascio
Email This Page     |     Print This Page     |    
Comments?     |     Share This Link

ABOUT NASCIO   |   CIO Spotlight

Denise Moore
Chief Information Technology Officer Executive Branch
Director of the Kansas Division of Information Systems and Communications

In Kansas, the Division of Information Systems and Communications, also known as DISC, delivers 24x7 central information technology services. With revenues of approximately $38 million and 190 employees, DISC serves all of state government and several local units of government. Together with our partners, DISC strives to provide outstanding cost-effective services and products to our customers including:

  • Statewide data, voice and video network services with Internet access through multiple redundant providers
  • State of the art data center hosting services, providing fully redundant functionality with an offsite disaster recovery/hot site to maintain operational continuity in the event one of the facilities experiences an outage
  • Mainframe, UNIX and distributed computing environments and application hosting
  • Application development, maintenance and support for statewide mission critical applications such as personnel/payroll, accounting and reporting, debt collection and budget management
  • E-government web development and hosting
  • IT security oversight and coordination for the state's telecommunications network
  • Security services including training, incident response and remediation, data recovery, vulnerability scanning, and computer forensics investigations
  • Central mail pickup, distribution and associated services
  • Data storage, backup, and recovery moving data between devices as required by program retention
  • Central storage area network leasing
  • Custom printing and form design, creation and implementation
  • Wireless networking services with controlled guest wireless Internet access
  • Small agency support providing a full range of IT services for small agencies, commissions and boards without IT staff
  • High-level enterprise technical problem solving and support to facilitate effective analysis, troubleshooting and closure of particularly difficult problems
  • Geographic information systems providing state and local units of government and the private sector portal access to a suite of web-based GIS applications and web services, documents, and standards
  • Enterprise IT project management consultation, reporting and oversight for large IT projects

NASCIO: In an environment of increasing external threats as well as vulnerabilities created by more mobile workers and new technologies, what has been your major challenge with respect to IT security?

Moore: External threats and vulnerabilities continue to grow. The number of threats has increased significantly in the past year alone. These threats feed on an explosion of vulnerabilities and increasingly come from criminal enterprises. Last year, according to IBM ISS, there were a total of 7,247 vulnerabilities - up 39.5% from 2005. The real issue is not just the number of vulnerabilities, but the access afforded by these vulnerabilities. The battle to stay ahead of the exploits is waged on a daily basis. Traditional methods of prevention are no longer adequate.

With that in mind, mobile workers using technologies such as laptops, IPods PDAs and USB drives increase the number of avenues malware can enter a system.

Alleviating many of these problems must start with the user. Armed with basic security knowledge, users can be the first line of defense and help avoid problems. Both technician and user security training and retraining should be emphasized.

NASCIO: What advice would you give to other State CIOs as being the most important elements of securing state IT infrastructure and protecting the privacy of citizens' personal information?

Moore: There is no single solution to securing state IT infrastructure. Security is a multifaceted issue that requires multidimensional action. With the technological complexity of IT networks, many levels of security integration are needed. IT network personnel must engage in more than just "pushing packets". Likewise, network security personnel have to be sensitive to the ins and outs of network engineering. The challenge is getting both groups on the same page - breaking down the traditional silos that have existed. You can have the best technology in the world, but at the end of the day success or failure rests on people.

We have all heard about data privacy breaches. Data owners need to step up and take responsibility for the data they maintain, achieving levels of security consistent with data sensitivity. Once this way of thinking is in place, measures to meet the expectations of the data owners are relatively straightforward. Another tool that can be useful is frequent auditing. An auditor knows where the responsibilities of parties involved with data begin and end. Ultimately, an auditor can be your best advocate.

NASCIO:As CIO, how have you optimized your state's IT assets and delivery of services using a shared enterprise infrastructure model, especially as they relate to Consolidation and Shared Services, and Data center consolidation strategies and business justification?

Moore: Kansas has successfully undertaken shared services and consolidation strategies in several areas that are common across the enterprise and eliminate the need for duplicate services among agencies. Services include 24 x 7 operations and network control centers, printing applications and services, computing platforms and application hosting, security services, applications that serve the enterprise, central mail services, shared data storage, backup and recovery, state of the art primary and off-site data centers, disaster recovery, and local and wide area voice, data and video networking. Recent enterprise projects include:

  • A wireless LAN initiative enabling wireless LAN communications in primary state campus buildings. Using centralized wireless LAN controllers, access points, and authentication methods state agency staff can log onto their agency network from any location in the state campus that is wireless enabled.
  • A statewide email directory to increase ease of communication between and among state agencies is available on-line to all state employees. In addition to reducing the numbers of email platforms, this effort breaks down information silos within state government, allowing state employees to easily communicate and collaborate via email without having to convert all agencies to one email system.
  • An off-site data center was constructed. This data center is used by multiple state agencies for disaster recovery and hot site services.

NASCIO: As CIO, what initiatives have you undertaken to promote cross-boundary collaboration and coordination with local governments in your state?

Moore: Kansas has undertaken cross-boundary collaboration and coordination with local governments with initiatives such as:

  • Vendor management, which is overseen by a multi-agency Strategic Sourcing Group, using techniques such as vendor consolidation, product standardization, industry best practices, procurement guidelines, and spending analysis to directly reduce costs, get more for the dollars we spend and reduce risk. Significant to this activity is the involvement and participation of local units of government and a wide variety of state agencies, including higher education. Working to serve a wider range of customers brings a new focus and innovative techniques to many of the activities in this area.
  • State services directory that provides all citizens of Kansas with a web-based central site for locating information about services and programs offered by state agencies. Citizens can determine which agency provides the service, who to contact by phone and/or email, and if there is a web site associated with the service for more information. An added benefit of this directory is the ability for state employees to more efficiently route misdirected calls.

NASCIO: Please describe some of the major IT projects and initiatives that your state plans to undertake over the next 1-3 years.

Moore: Financial Management System: Kansas' philosophy and approach to execution of State administrative functions includes a more decentralized approach while fostering collaborative decision-making, placing an increased focus on analyzing data about the state's operations and pursuing efficiencies on an enterprise basis. As a result, managers have become acutely aware of deficiencies in the state's financial and procurement systems that make it difficult to obtain information needed to adequately assess the efficiency of many aspects of operations.

Kansas recently engaged in a study to assess agency and central needs for a statewide financial management system (FMS). The goal of the study was to identify and evaluate the cost-benefit of various alternatives for meeting those needs, including the possibility of acquiring a new statewide FMS. The study was completed and has been approved by policymakers with expected completion in 2010.

Network Operations, Infrastructure and Organization Upgrade: To further the process of continuous quality improvement, a study was undertaken to assess network operations, infrastructure and organization as the basis for enhancements in network availability, technical support and customer services.

The objective of the study was to identify requirements for the State's network infrastructure, operation and organizational functions, analyze the state's current network capabilities, develop specific recommendations to bring state network functions in line with industry best practices, and develop a roadmap for the growth and improvement of the network. The study was completed at year's end. Implementation of the roadmap will take place over the next two years.

NASCIO: Please provide any additional information that you would like to include.

Moore: IT Enterprise Architecture in Kansas has been enhanced with a clear vision of mission and includes long range IT planning, creating and managing IT standards, and communicating and managing a consistent IT direction for all state agencies. EA has progressed in the areas of IT business and strategic planning and fostering better communications and planning for IT projects across the enterprise. This improved effort results in better utilization of state resources through initiatives such as business modeling efforts that span multiple agencies.

Geographic Information System has expanded its outreach efforts in the widespread storage, retrieval, mapping, and analysis of geospatial data, which aids local and state government in better decision making, increased efficiencies and cost reductions.

IT Project Management in Kansas places a proactive emphasis on the management of large IT projects leading to the early identification of issues. This allows potential problems to be addressed in a timely manner, resulting in more successful IT projects. In addition to project management certification, training classes have been expanded to include Risk Management, Contract Management, Requirements Management, Aspects of Project Control, and Vendor Management and Communication Techniques. These classes have resulted in better trained project managers who can manage projects more effectively and ensure the state's IT projects are delivered on time and within budget.

.
Profiles of Progress II: State Health IT Initiatives IT Consolidation & Shared Services in the States D TV