Government Technology - December 2008 - (Page 25)

In his blog post, Hiring Felons, Bill Schrier, CTO of Seattle, said government needs to be more diligent when scrutinizing prospective applicants. by initially refusing to offer the passwords. These security steps included revisiting the city’s intrusion detection and intrusion prevention strategies, architecture and approach. The city was also working to enhance asset management, identity access and password management tools. Internal Threats Unfortunately insider sabotage comes with the territory. In 2007, the Journal of Computer-Mediated Communication published a graph of public- and private-sector security breaches from 1980 to 2006. In 2006 alone, of about 250 reported incidents, nearly 200 came from threats within the organizations that reported the breaches. This graph was reprinted in a 2007 report, Insider Security Threats: State CIOs Take Action Now!, published by the National Association of State Chief Information Officers (NASCIO). The San Francisco story can also be seen as a warning, and CIOs have definitely taken notice. Robinson said the Department of Technology was in the process of furthering its security protocols and mechanisms, and Childs made the changes difficult Hacker and Organizational Culpability in Reported Incidents of Compromised Records, 1980-2006 300 250 200 150 100 50 0 1985 1990 1995 2000 2005 1980 Unattributed Attributed to Hacker Attributed to Someone Inside the Organization SOURCE: Journal of Computer-Mediated Communication Bill Schrier, chief technology officer of Seattle’s Department of Information Technology, wrote about the incident on “The Chief Seattle Geek Blog.” He advises that CIOs should be careful not to give one employee too much power over the network. “That sort of responsibility has to be shared, and to actually share it, there ought to be multiple administrators who can do the same sort of work and have access to the passwords — with management oversight to make sure that the job responsibilities are divided and supervised,” he said. Schrier isn’t the only one with that opinion. “You must have a balance of authority across your security layer, either with the network or applications, so you don’t have one person that is godlike and controls all your resources,” said Rico Singleton, a New York state deputy CIO. “You typically have a decentralized or federated security model of which you have redundant levels of super-user administrator type of authority.” Redundant levels of access means there will be more than one way, or more than one high-level administrator, with top-level authority, to access the system. However, the ability to distribute network responsibilities between different people may not always be easy to attain in state and local government. “Government budgets and government personnel policies make it much harder to sort 25 http://www.govtech.com

Table of Contents Feed for the Digital Edition of Government Technology - December 2008

Government Technology - December 2008 Contents Point of View Four Questions for... On the Scene Big Picture Year in Review Who Controls Your Network? Paper Makes a Comeback Halting Meth Abuse Spectrum Up Close signal:noise Digital Communities Contents Becoming a Digital Community Rethinking 700 MHz Smart Grids: Powering the Future Gearing Up for Crime 2.0 Software Predicts Crime Local Portals on the Red Carpet More Than Just a Pretty Face

Government Technology - December 2008

For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.