Bob Woolley's IT Weblog

Technical architecture and management and delivery of enterprise IT services.

Last Build Date: Mon, 14 Apr 2003 15:45:28 GMT

Copyright: Copyright 2003 Bob Woolley

Mon, 14 Apr 2003 15:39:04 GMT

Recommended Reading

In the process of developing a strategic planning process and a number of strategic plans, I have read a number of books that have some valuable insights into strategic planning and various IT management issues. All of them are available from I will feature several of the best of these titles every few days.

Cokins, Gary. Activity-based cost management: an executive's guide. Wiley Cost Management Series. 2001.

This title is an excellent executive overview of activity-based costing principles, which are of importance to rate development at service delivery organizations charged with cost recovery.

Allen, Bruce. Building operational excellence: IT people and process best practices with Dale Kutnick. Intel Press and Addison Wesley. 2002.

One of the best overall views of the development of operational excellence within IT service delivery organizations. The authors do an excellent job of identifying operational best practices and methodologies for application to IT organizations.


Mon, 14 Apr 2003 15:25:13 GMT

IT Strategic Planning

The Division of Information Technology Services has been engaged in implementing a strategic planning process since late last year. In order to implement the process a number of process documents have been developed. Items that will be discussed include:

- Overview of Strategic Planning at ITS
- Discussion of Context (External Factors)

These will be followed by a discussion of the actual planning process, planning document relationships, and the relationship with product management, architecture, priority management, project management, engineering, and customer support. An overview of the strategic planning template methodology developed at ITS will also be shared.

Strategic Planning Overview

For a number of years, IT organizations have scrambled to keep up with the need to provide technology solutions to business problems across an ever-increasing array of hardware, software, and network technologies. The advent of distributed computing, coupled with the Internet revolution, has led to highly complex systems composed of hardware, software, people, and operational procedures that frequently span multiple platform and software foundations. Coexistence of so much technology demands interoperability of the components. Interoperability requires a set of overarching strategies to manage touch points and minimize conflicts. These high-level strategies, together with an architectural blueprint for the computing environment, will ensure that when components are assembled into the integrated system, the result is production-worthy, user-responsive, and maintainable.

Information technology strategies at the State of Utah and within the Division of Information Technology Services (ITS) are in a state of unprecedented change. IT organizations within the State are struggling with a multitude of strategies associated with the many different aspects of their information technology business. Many of these strategies are often implicit and spread by word of mouth. Even those documented are rarely set in the context of their association with, and impact on, each other. ITS has an obligation to work with other State IT organizations to keep strategies current with business, technology, and economic requirements.

ITS strategies clearly need revitalizing. ITS needs to align strategic objectives from the ITS Roadmap document with requirements from agencies and stakeholders to form a longer-term planning and implementation window. As computing complexity continues to increase, the pace of business today demands virtually instant turnaround of strategic content. Strategies need to be developed that can survive and take advantage of technological innovations while still enabling business changes and users who demand rapid solutions on increasingly demanding timelines.

Effective strategic planning at ITS needs to meet three overriding criteria:

- it must be a rapid process,
- it must produce succinct but very clear output, and
- it must provide an integrated context from which more detailed planning can take place.

For strategic planning to respond rapidly to the right priorities, it is essential that the process start with prioritization and framing of the strategic questions to be addressed at any given phase or area of planning focus. The strategic output must accomplish a change from the often lengthy, highly detailed, complex white paper, typically developed over several months, to a succinct and pragmatic explanation of the strategic principle, assumptions, scope, implications, actions, timing, interdependencies, and open associated questions produced over a period of weeks or even days.

Finally, to be effective, the output of designated strategic planning teams within ITS should be directly translated into action through alignment with each Section’s financial, product management[...]

Thu, 22 Aug 2002 20:08:33 GMT

Ethernet Network Site

This site provides extensive information about Ethernet (IEEE 802.3) local area network (LAN) technology. This includes the original 10 Megabit per second (Mbps) system, 100 Mbps Fast Ethernet (802.3u), 1000 Mbps Gigabit Ethernet (802.3z/802.3ab), and 10 Gigabit Ethernet (802.3ae).


Thu, 22 Aug 2002 14:02:29 GMT

HIPAA and Related Security Common Technical Requirements

In order to provide technical infrastructure and related product services to support HIPAA, IRS, CJIS and other related agency security requirements, the State of Utah has identified the following as a preliminary common technical requirements set that encompasses security requirements for seven state agencies and the corresponding Federal requirements. These are technical requirements only and do not address other legal requirements associated with privacy and access to information. These are draft technical requirements and have not received final approval.

Access Control: Access control mechanisms must be employed across all State of Utah networks to ensure a given user has been granted the permission to access a system resource in the manner authorized.

Advanced Authentication: Advanced authentication should be used in cases where un-trusted inbound traffic (with the exception of Internet mail and push broadcasts) is accessing the authorized State of Utah network. Authentication of the unique user identity can be a unique encrypted logon and password combination and/or use of other authentication methods including but not limited to biometrics, smart cards, tokens, digital signatures (such as VeriSign), etc.

Audit Trails: For any State of Utah operated network, functionality should be added for real-time monitoring of networked and host-based systems to detect security vulnerabilities and incidents. The minimum amount of information to be captured in an audit record is:

1. The identity of each user and, where possible, the device having access to the system or attempting to access the system.
2. The time and date of the access (synchronized with an atomic clock to the nearest 1/10 of a second), time and date of log off.
3. Any activities which might modify, bypass or negate security safeguards controlled by the computer system.

Authorization: Once authenticated, users must be granted only specific access to the system’s resources that they require to perform their duties.

Encryption: To prevent unauthorized disclosure of sensitive and valuable information, all host access to restricted information to/from the state authorized network from unauthorized networks must be encrypted with no less than 128 bit encryption. File encryption must provide an equivalent level of protection. Examples of encryption mechanisms that provide 128 bit or better encryption are Secure Sockets Layer (SSL), Point-to-Point Tunneling Protocol (PPTP), Advanced Encryption Standard (AES), RSA (Rivest, Shamir & Adleman), Elliptic Curve Cryptography (ECC), etc.

Firewalls: Prior to the deployment of State of Utah firewalls, a list of permissible paths with a justification for each access path must be submitted to ITS. Agency change control will be used to document all changes. Every network connectivity path not specifically permitted must be denied by firewalls. Permission to enable any paths will be granted by the agency security manager only when (1) the paths are necessary for important business reasons, and (2) adequate security measures will be used. State computer/data resources that exist on authorized networks must be protected from unauthorized traffic with the exception of production services designed to be homed in a demilitarized environment (http, internet mail), or where stateful packet inspection is not required. At a minimum, traffic filter firewalls should have the ability to screen and log traffic at the network and transport protocol layers.

Identification: Each individual who is authorized to access sensitive/restricted information must be uniquely identified.

Intrusion Detection: State of Utah locations with hosts containing sensitive/restricted information must include intrusion detection systems. These intrusion detection systems must each be configured accordi[...]
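An added sketch (not part of the original post or of any State of Utah tooling) of the Firewalls requirement above: paths submitted without a justification are rejected, every flow not on the permitted list is denied, and each decision is logged with network- and transport-layer fields. The `Path` record, the function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Path:
    src: str            # source network (CIDR)
    dst: str            # destination network (CIDR)
    proto: str          # transport protocol, "tcp" or "udp"
    port: int           # destination port
    justification: str  # business reason submitted with the path

def build_policy(submitted):
    """Accept only paths that carry a justification; return (accepted, rejected)."""
    accepted = [p for p in submitted if p.justification.strip()]
    rejected = [p for p in submitted if not p.justification.strip()]
    return accepted, rejected

def evaluate(policy, src_ip, dst_ip, proto, port, log):
    """Permit only flows matching a listed path; deny everything else."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    decision, reason = "DENY", "no permitted path"
    for p in policy:
        if (src in ipaddress.ip_network(p.src) and dst in ipaddress.ip_network(p.dst)
                and proto == p.proto and port == p.port):
            decision, reason = "PERMIT", p.justification
            break
    # Log network-layer (addresses) and transport-layer (protocol, port) fields.
    log.append((decision, src_ip, dst_ip, proto, port, reason))
    return decision

# Constructed sample submission using documentation address ranges (RFC 5737).
SUBMITTED = [
    Path("198.51.100.0/24", "192.0.2.10/32", "tcp", 443, "Agency claims portal"),
    Path("0.0.0.0/0", "192.0.2.20/32", "tcp", 23, ""),  # no justification given
]

def demo():
    policy, rejected = build_policy(SUBMITTED)
    log = []
    results = [
        evaluate(policy, "198.51.100.7", "192.0.2.10", "tcp", 443, log),  # listed path
        evaluate(policy, "198.51.100.7", "192.0.2.10", "tcp", 22, log),   # unlisted port
        evaluate(policy, "203.0.113.5", "192.0.2.20", "tcp", 23, log),    # rejected path
    ]
    return results, rejected, log

if __name__ == "__main__":
    for entry in demo()[2]:
        print(entry)
```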

Thu, 22 Aug 2002 13:48:50 GMT

HIPAA References

There are a number of useful references for collaborative HIPAA security work going on in other states and related organizations from which the State of Utah can derive benefit. Among them are the following:

- Federal Register, 45 CFR Part 142, Security and Electronic Signature Standards; Proposed Rule, 08/12/1998. URL:
- Federal Register, 45 CFR Parts 160 and 164, Standards for Privacy of Individually Identifiable Health Information; Final Rule, 12/28/2000. URL:
- Fuller, Sandra. Journal of AHIMA, "Implementing HIPAA Security Standards," October 1999. URL:
- Hawaii Health Information Corporation. URL:
- HIPAA Security Summit. URL:
- Idaho Department of Health & Welfare. URL:
- Minnesota Center for Healthcare Electronic Commerce. URL:
- Nebraska Association of Hospitals and Health Systems. URL:
- North Carolina Healthcare Information and Communications Alliance, Inc. URL:
- Pilot policies released to the general public by the Hawaii HIPAA Readiness Collaborative. URL:
- policy templates. URL:[...]

Tue, 13 Aug 2002 15:24:49 GMT

Technology Organizational Assessment

This site has some interesting suggestions for customers, or in our case agencies, trying to assess the role of technology in their business.