Government Technology - December 2008 - (Page 26) After the Storm departments to avoid the of do things in an efficient way,” risky practice of giving only said John Pescatore, a Gartner one employee the keys to the analyst who specializes in secudigital kingdom. Pescatore rity and privacy. “We also see said Tivoli and Computer government staffs are often much Associates provide tools that more multipurpose.” In other Doug Robinson, create automated logs for docwords, while a private company executive director of umenting network changes may have a large department of NASCIO, said that the and blocked accesses. administrators, a much smaller San Francisco incident Pescatore said the software government agency may only be is an anomaly and that able to afford one administrator most insider issues are a would log if an employee were trying to surf an unauthorized who also performs other func- result of lack of awaredatabase, making administrations that are unrelated to IT ness and training. tors aware of suspicious activity. administration. “The more common problem people worry Although it can be expensive to install such about, and the more common way things have software agents on every necessary server, gone wrong, is when an authorized adminis- that price might be dwarfed by the cost and trator — we typically call them a super-user — humiliation of having to notify 27 million oversteps their authority,” Pescatore said. They citizens that their information was compromight do things that they really shouldn’t do mised, he said. just because they have administrative access, whether it’s IRS taxpayer database surfing or passport application surfing, he said. Pescatore also recommends that departThe NASCIO report identified maliments stay on top of who needs access for cious employees as the No. 1 insider threat what task, and remove the appropriate access to a department’s data, and it offers ways to when tasks are no longer necessary. This role- deal with them. According to the report, IT based access protocol restricts system access employees may be too proficient for rolesto authorized users only. based access and security awareness proAlthough most of the dust has settled, San Francisco’s Department of Information Technology still has a pile of digital debris to sift through. Apparently disgruntled network administrator Terry Childs left a device hidden on the city FiberWAN network that, as of this writing, IT staff are still trying to locate — months following Child’s arrest. The IDG News Service reported on Sept. 10, 2008, that an outside router was installed on the FiberWAN network that provided unauthorized remote access. City officials discovered it in August and don’t have the correct user name or password, so they can’t log on to the device and see what’s going on. The prosecution has a screenshot of the message received when the improper login information is entered: “This system is the personal property of Terry S. Childs.” Keeping a Watchful Eye “Certainly a warning sign for management is if an individual is taking a lot of overtime or is using a lot of overtime. It means that particular individual is probably being overworked. It requires some of the responsibilities to be spread around.” Bill Schrier, chief technology officer, Seattle “That seems simple, but so many times security audits are done and you find 30 percent of the admin accounts are still active, even though that person doesn’t work there anymore and hasn’t for months. As soon as those privileges are not needed to do their job, those privileges or authorizations should be removed,” he said. Pescatore and Schrier recommend configuring security management software tools so the authorizations of two administrators are required before significant changes can be made. Implementation of this type of software in a network environment forces DEC_08 tocols. Their activity should be monitored and audited for abnormalities and dealt with quickly through severe consequences, including criminal charges if necessary. NASCIO Executive Director Doug Robinson recommends departments pay attention to employees who are under stress. “Perhaps they are going through a divorce, a foreclosure or financial instability,” he said. “They are disgruntled because of a performance appraisal compensation or a raise that they didn’t believe was adequate. They were demoted; they were fired perhaps.” Schrier said he also believes that managers should keep an eye out for employee stressors. “Certainly a warning sign for management is if an individual is taking a lot of overtime or is using a lot of overtime. It means that particular individual is probably being overworked,” he said. “It requires some of the responsibilities to be spread around.” According to Schrier, if managers watch overtime and disperse responsibilities, they might also reduce the chances of IT workers getting too attached to their code. People who get too wound up in their work can become overly possessive, as if they’re working on personal property instead of government-owned resources and projects. IT shops should know as much as possible about prospective employees before hiring them by expanding background check procedures. The Post’s August article reported that Childs “carried a list of convictions, including aggravated burglary, aggravated robbery and theft, according to court documents.” He spent four years in a Kansas prison, but according to court documents he omitted those details from his employment application for San Francisco government service, The Post reported. 26 http://www.govtech.com
Table of Contents Feed for the Digital Edition of Government Technology - December 2008 Government Technology - December 2008 Contents Point of View Four Questions for... On the Scene Big Picture Year in Review Who Controls Your Network? Paper Makes a Comeback Halting Meth Abuse Spectrum Up Close signal:noise Digital Communities Contents Becoming a Digital Community Rethinking 700 MHz Smart Grids: Powering the Future Gearing Up for Crime 2.0 Software Predicts Crime Local Portals on the Red Carpet More Than Just a Pretty Face Government Technology - December 2008 Government Technology - December 2008 - Government Technology - December 2008 (Page Cover1) Government Technology - December 2008 - Government Technology - December 2008 (Page Cover2) Government Technology - December 2008 - Contents (Page 3) Government Technology - December 2008 - Contents (Page 4) Government Technology - December 2008 - Point of View (Page 5) Government Technology - December 2008 - Four Questions for... (Page 6) Government Technology - December 2008 - On the Scene (Page 7) Government Technology - December 2008 - Big Picture (Page 8) Government Technology - December 2008 - Big Picture (Page 9) Government Technology - December 2008 - Year in Review (Page 10) Government Technology - December 2008 - Year in Review (Page 11) Government Technology - December 2008 - Year in Review (Page 12) Government Technology - December 2008 - Year in Review (Page 13) Government Technology - December 2008 - Year in Review (Page 14) Government Technology - December 2008 - Year in Review (Page 15) Government Technology - December 2008 - Year in Review (Page 16) Government Technology - December 2008 - Year in Review (Page 17) Government Technology - December 2008 - Year in Review (Page 18) Government Technology - December 2008 - Year in Review (Page 19) Government Technology - December 2008 - Year in Review (Page 20) Government Technology - December 2008 - Year in Review (Page 21) Government Technology - December 2008 - Who Controls Your Network? (Page 22) Government Technology - December 2008 - Who Controls Your Network? (Page 23) Government Technology - December 2008 - Who Controls Your Network? (Page 24) Government Technology - December 2008 - Who Controls Your Network? (Page 25) Government Technology - December 2008 - Who Controls Your Network? (Page 26) Government Technology - December 2008 - Who Controls Your Network? (Page 27) Government Technology - December 2008 - Who Controls Your Network? (Page 28) Government Technology - December 2008 - Who Controls Your Network? (Page 29) Government Technology - December 2008 - Who Controls Your Network? (Page 30) Government Technology - December 2008 - Who Controls Your Network? (Page 31) Government Technology - December 2008 - Who Controls Your Network? (Page 32) Government Technology - December 2008 - Who Controls Your Network? (Page 33) Government Technology - December 2008 - Who Controls Your Network? (Page 34) Government Technology - December 2008 - Who Controls Your Network? (Page 35) Government Technology - December 2008 - Who Controls Your Network? (Page 36) Government Technology - December 2008 - Who Controls Your Network? (Page 37) Government Technology - December 2008 - Who Controls Your Network? (Page 38) Government Technology - December 2008 - Who Controls Your Network? (Page 39) Government Technology - December 2008 - Paper Makes a Comeback (Page 40) Government Technology - December 2008 - Paper Makes a Comeback (Page 41) Government Technology - December 2008 - Paper Makes a Comeback (Page 42) Government Technology - December 2008 - Paper Makes a Comeback (Page 43) Government Technology - December 2008 - Halting Meth Abuse (Page 44) Government Technology - December 2008 - Halting Meth Abuse (Page 45) Government Technology - December 2008 - Spectrum (Page 46) Government Technology - December 2008 - Spectrum (Page 47) Government Technology - December 2008 - Up Close (Page 48) Government Technology - December 2008 - Up Close (Page 49) Government Technology - December 2008 - signal:noise (Page 50) Government Technology - December 2008 - signal:noise (Page Cover3) Government Technology - December 2008 - signal:noise (Page Cover4) Government Technology - December 2008 - Digital Communities (Page DCCover1) Government Technology - December 2008 - Digital Communities (Page DCCover2) Government Technology - December 2008 - Contents (Page DC3) Government Technology - December 2008 - Becoming a Digital Community (Page DC4) Government Technology - December 2008 - Becoming a Digital Community (Page DC5) Government Technology - December 2008 - Rethinking 700 MHz (Page DC6) Government Technology - December 2008 - Rethinking 700 MHz (Page DC7) Government Technology - December 2008 - Rethinking 700 MHz (Page DC8) Government Technology - December 2008 - Rethinking 700 MHz (Page DC9) Government Technology - December 2008 - Rethinking 700 MHz (Page DC10) Government Technology - December 2008 - Rethinking 700 MHz (Page DC11) Government Technology - December 2008 - Rethinking 700 MHz (Page DC12) Government Technology - December 2008 - Rethinking 700 MHz (Page DC13) Government Technology - December 2008 - Rethinking 700 MHz (Page DC14) Government Technology - December 2008 - Rethinking 700 MHz (Page DC15) Government Technology - December 2008 - Rethinking 700 MHz (Page DC16) Government Technology - December 2008 - Rethinking 700 MHz (Page DC17) Government Technology - December 2008 - Rethinking 700 MHz (Page DC18) Government Technology - December 2008 - Rethinking 700 MHz (Page DC19) Government Technology - December 2008 - Rethinking 700 MHz (Page DC20) Government Technology - December 2008 - Rethinking 700 MHz (Page DC21) Government Technology - December 2008 - Smart Grids: Powering the Future (Page DC22) Government Technology - December 2008 - Smart Grids: Powering the Future (Page DC23) Government Technology - December 2008 - Smart Grids: Powering the Future (Page DC24) Government Technology - December 2008 - Smart Grids: Powering the Future (Page DC25) Government Technology - December 2008 - Smart Grids: Powering the Future (Page DC26) Government Technology - December 2008 - Smart Grids: Powering the Future (Page DC27) Government Technology - December 2008 - Smart Grids: Powering the Future (Page DC28) Government Technology - December 2008 - Smart Grids: Powering the Future (Page DC29) Government Technology - December 2008 - Gearing Up for Crime 2.0 (Page DC30) Government Technology - December 2008 - Gearing Up for Crime 2.0 (Page DC31) Government Technology - December 2008 - Software Predicts Crime (Page DC32) Government Technology - December 2008 - Software Predicts Crime (Page DC33) Government Technology - December 2008 - Software Predicts Crime (Page DC34) Government Technology - December 2008 - Software Predicts Crime (Page DC35) Government Technology - December 2008 - Local Portals on the Red Carpet (Page DC36) Government Technology - December 2008 - Local Portals on the Red Carpet (Page DC37) Government Technology - December 2008 - More Than Just a Pretty Face (Page DC38) Government Technology - December 2008 - More Than Just a Pretty Face (Page DCCover3) Government Technology - December 2008 - More Than Just a Pretty Face (Page DCCover4)
For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.