Tuesday, September 8, 2015 -
2:00pm to 4:30pm

Location Details: 

Pioneer Room

600 E. Boulevard Ave., Bismarck, ND

Meeting Notice

The State Information Technology Advisory Committee of North Dakota will be holding a special meeting. In the event that any or all of the members of the governing body participate in the meeting by telephone or video, a speakerphone or monitor will be available at the location noted above.

At the time this notice is being prepared, the governing body expects the agenda of its meeting to include the following topics:

Meeting Schedule
Time Topic Presenter
2:00 Welcome / Opening Comments Mike Ressler
2:05 Enterprise Architecture Update Jeff Quast
2:15 2015 Legislative Update Mike Ressler
2:30 Cybersecurity Discussion Demo Duane Schell
3:30 ITD Cloud Hosting Services Dan Sipes
4:00

Large Project Reporting

Job Service - WyCAN Closeout Report

Health Dept. - NDIIS

Justin Data

Heather Raschke

Kris Vollmer
4:25 Open Discussion / Closing Comments Mike Ressler

 Meeting Recap

Enterprise Architecture (EA) Update

  • Jeff Quast presented the progress of EA 2.0 and recent EA activity.
    • All EA standards have been reviewed and many are in the process of being updated. The expectation is that there will be fewer standards as we shift more towards best practices and guidelines as deliverables.
    • All EA meetings are now posted on ITD’s public web site as events, and each events is updated with a ‘recap’ after the meeting.
    • EA activity also included the approval of two waivers; one to BND for the RUReadyND.com domain name, and one to Game and Fish for to address the physical access standard on certain mobile devices.

 

2015 Legislative Update

  • Mike Ressler presented the effects of the legislative session on ITD and its service offerings.
    • ITD gained 13 new positions, but filling those positions continues to be more difficult than in the past. The group agreed that across government and the private sector, there are fewer qualified applicants, a lack of expertise in certain areas like security, and salaries continue to climb, making it more competitive.
    • CJIS has been transferred from ITD to the Office of the Attorney General
    • ITD will be providing Desktop Support for the 19 agencies that received funding for the service

 

Cybersecurity Discussion Demo

  • Duane Schell presented the state’s STAGEnet cybersecurity situation, the mitigation efforts in use, and the implications of those efforts.
  • The amount of activity and effort it takes to secure the network continues to increase at substantial rates. Security continues to be the top priority at ITD and other agencies, as it is with most states according to NASCIO surveys.
  • There was concern during recent legislative sessions that security efforts at the remaining exempt agencies may be less effective, but most of the tools in use protect all agencies on the network equally, and ITD collaborates with those agencies to the lower the risk.
  • In terms of what the targets of value are in NDGOV systems, ND’s energy resources may be highly sought by nation states, and any PII data is always being sought by organized crime to sell.

 

ITD Cloud Hosting Services

  • Dan Sipes presented ITD’s position on Cybersecurity roles and responsibilities, and its position on Cloud services and hosting.
    • The SOC2 Audit is online at http://www.nd.gov/auditor/reports/i112_15.pdf
    • The cybersecurity roles and responsibilities exist on multiple levels:
      • Senior Management (Agencies)
      • Information Security Management (ITD)
      • Information Owner (State Agencies)
      • Technology Providers (ITD or Vendors)
      • Supporting Functions (Audit, Physical Security, Disaster Recovery)
      • Users (State Agencies and the Stakeholders)
    • Agencies should be aware of the increased need for Multi Factor Authentication and budget for it if needed
    • ITD provides online
    • Recent cyber-attacks have resulted in ITD establishing 3 major priorities
      • More restrictions on the tools that agencies and their vendors use to administer web sites.
      • Significant effort to develop an Application Inventory and Categorization.
      • Security scanning for all critical applications, which agencies will need to budget for.
  • Dan Sipes presented ITD’s position on Application Portfolio Management and Cloud Services
    • ITD will partner with agencies to manage their application portfolio, and serve in a Cloud Broker. The cost for this on existing applications will be grandfathered in, but planning during 15-17 should include budgeting for that brokerage.

 

Large Project Reporting – Justin Data

  • Justin Data explained the mandated reporting process for project oversight variance levels, which is 20% or more on project cost or project schedule. He also explained the concept of defining a new baseline and a recovery strategy.
    •  
  • Kris Vollmer and Teresa Booth presented the Health Department’s NDIIS project (see presentation for details)
  • Cheri Giesen presented Job Service North Dakota’s WyCAN project closeout report (see presentation for details)
Where noted, the discussion of some of the above topics may be held in executive session rather than during the portion of the meeting that is open to the public. If this is a regular meeting, additional topics may be discussed. If this is a special or emergency meeting, the governing body's discussion will be limited to the topics and executive sessions listed above.
Date of Notice: 
July 27, 2015
Notice Provided By: 
Jeff Quast, 701 328-1993
Attachments: 
PDF icon SITAC 2015-09-08 Presentation PDF icon SITAC 2015-09-08 Minutes