The director of the National Institutes of Health has notified employees to expect random computer audits as the agency works to ensure full compliance with its security policies. NIH discovered that a stolen laptop PC belonging to NIH contained medical data and Social Security numbers of 1,200 patients involved in medical research.
The theft of the unencrypted laptop was a major violation of NIH’s commitment to protect the confidentiality of patients, Dr. Elias Zerhouni, the agency’s director, said in a memo sent to all NIH employees.
NIH originally believed that no Social Security numbers were on the missing laptop, but an investigation of backup files proved otherwise. NIH is sending letters to notify those who might be affected. NIH is offering free credit monitoring and insurance for as much as $20,000 in losses for patients affected by the incident, an NIH spokeswoman said.
“It is important that we do everything possible to reassure the public and our patients that we all take our responsibility regarding protection of sensitive data from loss or misuse extremely seriously in an age of increasing sophistication in information technologies,” Zerhouni said.
The new security precautions follow the theft of an unencrypted NIH laptop in February. The computer contained information about more than 3,000 patients in a clinical research project at NIH’s National Heart, Lung and Blood Institute.
The stolen laptop violated a federal policy that requires agencies to encrypt mobile devices that contain personal information. The policy of NIH and its parent, the Health and Human Services Department, is to encrypt all government laptops with approved encryption software, whether or not the PCs contain sensitive or personal information, Zerhouni said.
Employees also must encrypt portable media, such as flash drives, if they contain sensitive government data. NIH’s information technology employees have encrypted nearly 11,000 laptops, Zerhouni said.
The disk encryption software must meet the National Institute of Standards and Technology’s Federal Information Processing Standard 140-2. Encryption packages meeting that standard are available for Microsoft Windows and Linux operating systems. A separate package is under review for the Apple Macintosh operating system.
The agency has prohibited employees from using sensitive information on Apple Macintosh laptops because NIH’s encryption software from Check Point cannot be installed on them, said John Jones, NIH’s chief information officer and acting director of the Center for IT. NIH has about 4,500 Mac laptops, but only some contain sensitive data.
Check Point’s Pointsec encryption for Mac laptops is in testing, said David Vergara, product marketing directing of data security products at Check Point. He said he expects it to be ready in a few weeks.
http://fcw.com/articles/2008/04/11/nih-to-crack-down-on-encryption.aspx
Wednesday, April 15, 2009
DHS: Blogs give department a new voice
According to DHS Web Communications Director Gwynne Kostin, the agency’s Leadership Journal was born partly from the intense debate surrounding the now-defeated Comprehensive Immigration Reform Act. DHS officials found they also wanted to put out their own views on the immigration issue.
“People in the blogosphere were saying things that were very negative about the immigration bill, but we didn’t have an opportunity to say, ‘Well here’s another view,’ ” Kostin said in a presentation today at the Advanced Learning Institute’s Social Media for Government conference in Alexandria, Va.
This dialog is part of the reason why blogs are catching on at agencies. DHS’ is one of about 30 ongoing blogs maintained by government agencies.
The Leadership Journal is unusual because DHS Secretary Michael Chertoff contributes to it, making it one of two blogs cabinet officers contribute to. The other is run by Health and Human Services Secretary Mike Leavitt, who launched his after HHS experimented with a temporary open-discussion blog about pandemic flu in May 2007.
Kostin said the blog has already paid off. An April 4 posting by Chertoff emphasized the importance of restricting hand-carried liquids onto commercial aircraft, referring to an ongoing trial of eight Britons who planned to blow up seven trans-Atlantic flights by using liquid explosives.
DHS also allows people to comment anonymously on entries. Although the agency combs comments for offensive material, moderators allow sometimes-heated discussions to take place on the blog. Kostin said these discussions are a good way to engage the public on current issues, which is the blog’s primary function.
“I really think social media and these tools are really a way to bring people closer to the government,” she said.
“People in the blogosphere were saying things that were very negative about the immigration bill, but we didn’t have an opportunity to say, ‘Well here’s another view,’ ” Kostin said in a presentation today at the Advanced Learning Institute’s Social Media for Government conference in Alexandria, Va.
This dialog is part of the reason why blogs are catching on at agencies. DHS’ is one of about 30 ongoing blogs maintained by government agencies.
The Leadership Journal is unusual because DHS Secretary Michael Chertoff contributes to it, making it one of two blogs cabinet officers contribute to. The other is run by Health and Human Services Secretary Mike Leavitt, who launched his after HHS experimented with a temporary open-discussion blog about pandemic flu in May 2007.
Kostin said the blog has already paid off. An April 4 posting by Chertoff emphasized the importance of restricting hand-carried liquids onto commercial aircraft, referring to an ongoing trial of eight Britons who planned to blow up seven trans-Atlantic flights by using liquid explosives.
DHS also allows people to comment anonymously on entries. Although the agency combs comments for offensive material, moderators allow sometimes-heated discussions to take place on the blog. Kostin said these discussions are a good way to engage the public on current issues, which is the blog’s primary function.
“I really think social media and these tools are really a way to bring people closer to the government,” she said.
OPM proposes to add EA to specialty positions
The Office of Personnel Management is proposing to add enterprise architecture to information technology management specialty titles to help agency recruiters meet the growing demand for expertise in that area.
“It adds the ability to identify a job as enterprise architecture, so it’s just expanding the kind of work that is covered under [the IT management] job title,” said Nancy Kichak, OPM’s associate director for strategic human resource policy. “This is work is that is becoming more and more common in the government.” The change will make it easier for human-resources professionals to write job descriptions and recruit individuals with skills in enterprise architecture, she said.
In the 2008 draft Job Family Standard for IT Management series 2210, enterprise architecture would join 10 other specialty areas, including policy and planning; security; systems analysis, applications software, operating systems, network services, data management, Internet, systems administration and customer support.
Tara Ricci, a personnel research psychologist at OPM, said the idea of adding enterprise architecture to the list of specialties originated with officials serving on the federal Chief Information Officers Council.
“We’ve been working with them throughout the process,” she said. “They initially came to us and expressed an interest in pursuing this because in their own dealings with the workforce they have come to realize that [enterprise architecture] needs to be formally acknowledged. So much of what they do in terms of getting their budget and IT projects approved requires a fully developed [enterprise architecture] plan, so there are a lot of people who are doing that type of work.”
Kichak said adding a new specialty will have no effect on current positions. “Nothing is going to affect anybody who’s already in a position as far as changing their grade structure or their duties,” she said. “That’s not to say that somebody might not decide to rename the job they’re in now as enterprise architecture.”
With the CIO Council on board, OPM doesn’t expect any resistance to the change. However, Kichak said, “it’s open for comment so if there’s anything we missed, people will have a chance to tell us.” May 16 is the deadline for comments.
http://fcw.com/articles/2008/04/18/opm-proposes-to-add-ea-to-specialty-positions.aspx
“It adds the ability to identify a job as enterprise architecture, so it’s just expanding the kind of work that is covered under [the IT management] job title,” said Nancy Kichak, OPM’s associate director for strategic human resource policy. “This is work is that is becoming more and more common in the government.” The change will make it easier for human-resources professionals to write job descriptions and recruit individuals with skills in enterprise architecture, she said.
In the 2008 draft Job Family Standard for IT Management series 2210, enterprise architecture would join 10 other specialty areas, including policy and planning; security; systems analysis, applications software, operating systems, network services, data management, Internet, systems administration and customer support.
Tara Ricci, a personnel research psychologist at OPM, said the idea of adding enterprise architecture to the list of specialties originated with officials serving on the federal Chief Information Officers Council.
“We’ve been working with them throughout the process,” she said. “They initially came to us and expressed an interest in pursuing this because in their own dealings with the workforce they have come to realize that [enterprise architecture] needs to be formally acknowledged. So much of what they do in terms of getting their budget and IT projects approved requires a fully developed [enterprise architecture] plan, so there are a lot of people who are doing that type of work.”
Kichak said adding a new specialty will have no effect on current positions. “Nothing is going to affect anybody who’s already in a position as far as changing their grade structure or their duties,” she said. “That’s not to say that somebody might not decide to rename the job they’re in now as enterprise architecture.”
With the CIO Council on board, OPM doesn’t expect any resistance to the change. However, Kichak said, “it’s open for comment so if there’s anything we missed, people will have a chance to tell us.” May 16 is the deadline for comments.
http://fcw.com/articles/2008/04/18/opm-proposes-to-add-ea-to-specialty-positions.aspx
Navy ready to launch ERP system
The Navy Enterprise Resource Planning program, which includes financial management, project management and other key business applications, is about to go live after about three years of development.
BearingPoint, the lead systems integrator on the project, announced earlier this week that the Navy ERP had completed the testing, data convergence and validation phases of the project.
The Navy hired BearingPoint under a $175 million contract in 2004.
The Naval Air Systems Command (Navair) in Patuxent River, Md., with 15,000 users, will be first to use the system. After that, the Navy will turn on the ERP system next year at five Space and Naval Warfare Systems Command (Spawar) locations with 10,000 users. The rollout will reach 88,000 users by 2013, officials said.
The initial release, which utilizes the SAP for Public Sector product, includes financial management, procurement and acquisition management, project management and workforce management functionality.
“The Navy decided in January 2006 that this implementation required an integrated project team to be successful,” said Phillip Gardner, a managing director with BearingPoint’s Navy business. “If you walked into the project offices in Annapolis as a new person, you wouldn’t know who is government and who is contractor unless you asked them.”
The Navy and BearingPoint team relied on an Earned Value Management System, a methodology which measures project financial and scheduling performance, to ensure it met its cost, schedule and performance metrics.
“The government usually makes the contractor implement EVMS but doesn’t include itself in that program,” Gardner said. “In this case the government used a single system for both the government and contracting efforts. I’ve been in program management for 20 years and this was the first time I’ve seen a truly integrated EVMS which included both government and contractors.”
The validation of the system included more than 21,000 test scripts and nearly 53 million data conversions in six testing cycles, Gardner said. The company included Navair personnel in testing the system.
The Navy’s achievement also is a big change from previous ERP attempts. The Government Accountability Office said in a September 2005 report that the service invested more than $1 billion since 1998 in ERP pilots and had not achieved marked business process improvements.
http://fcw.com/articles/2007/12/20/navy-ready-to-launch-erp-system.aspx
BearingPoint, the lead systems integrator on the project, announced earlier this week that the Navy ERP had completed the testing, data convergence and validation phases of the project.
The Navy hired BearingPoint under a $175 million contract in 2004.
The Naval Air Systems Command (Navair) in Patuxent River, Md., with 15,000 users, will be first to use the system. After that, the Navy will turn on the ERP system next year at five Space and Naval Warfare Systems Command (Spawar) locations with 10,000 users. The rollout will reach 88,000 users by 2013, officials said.
The initial release, which utilizes the SAP for Public Sector product, includes financial management, procurement and acquisition management, project management and workforce management functionality.
“The Navy decided in January 2006 that this implementation required an integrated project team to be successful,” said Phillip Gardner, a managing director with BearingPoint’s Navy business. “If you walked into the project offices in Annapolis as a new person, you wouldn’t know who is government and who is contractor unless you asked them.”
The Navy and BearingPoint team relied on an Earned Value Management System, a methodology which measures project financial and scheduling performance, to ensure it met its cost, schedule and performance metrics.
“The government usually makes the contractor implement EVMS but doesn’t include itself in that program,” Gardner said. “In this case the government used a single system for both the government and contracting efforts. I’ve been in program management for 20 years and this was the first time I’ve seen a truly integrated EVMS which included both government and contractors.”
The validation of the system included more than 21,000 test scripts and nearly 53 million data conversions in six testing cycles, Gardner said. The company included Navair personnel in testing the system.
The Navy’s achievement also is a big change from previous ERP attempts. The Government Accountability Office said in a September 2005 report that the service invested more than $1 billion since 1998 in ERP pilots and had not achieved marked business process improvements.
http://fcw.com/articles/2007/12/20/navy-ready-to-launch-erp-system.aspx
Monday, April 6, 2009
Billions in stimulus money seen for technology
As much as $100 billion in economic stimulus law funding may flow to technology companies for energy efficiency, broadband, electronic health records and education technology, according to an analysis by TechAmerica.
About half of the $100 billion will be distributed through state governments and agencies, said Olga Grkavac, the organization's executive vice president for the public sector. “We expect about $50 billion in federal and $50 billion in state technology spending,” she said.
States are beginning to organize to determine how that money should be spent, said Roxanne Gould, the senior vice president of state government affairs. In California, a task force intends to modernize 1,200 schools, initiate electronic health records and centralize information technology purchases under the law, she said. In Florida, officials are planning to expand fiber-optic computer networks for schools.
Ideally, the money should be sent to a balanced mix of contractor and non-contractor projects, short-term and long-term projects, with some through existing contracts and some through new contracts, said Christopher Hansen, chief executive officer of TechAmerica. It represents about 1,500 technology companies.
“We are in favor of distributing it with long-term benefits and short-term benefits,” said Hansen. Projects should be examined on a case-by-case basis to see what is most effective and provides the most value, he said.
TechAmerica was created from a merger of the Information Technology Association of America and the American Electronics Association.
http://fcw.com/Articles/2009/03/06/Stimulus-money-to-pay-for-technology.aspx
About half of the $100 billion will be distributed through state governments and agencies, said Olga Grkavac, the organization's executive vice president for the public sector. “We expect about $50 billion in federal and $50 billion in state technology spending,” she said.
States are beginning to organize to determine how that money should be spent, said Roxanne Gould, the senior vice president of state government affairs. In California, a task force intends to modernize 1,200 schools, initiate electronic health records and centralize information technology purchases under the law, she said. In Florida, officials are planning to expand fiber-optic computer networks for schools.
Ideally, the money should be sent to a balanced mix of contractor and non-contractor projects, short-term and long-term projects, with some through existing contracts and some through new contracts, said Christopher Hansen, chief executive officer of TechAmerica. It represents about 1,500 technology companies.
“We are in favor of distributing it with long-term benefits and short-term benefits,” said Hansen. Projects should be examined on a case-by-case basis to see what is most effective and provides the most value, he said.
TechAmerica was created from a merger of the Information Technology Association of America and the American Electronics Association.
http://fcw.com/Articles/2009/03/06/Stimulus-money-to-pay-for-technology.aspx
Subscribe to:
Posts (Atom)
Posts
