Welcome King County Strategic Priority Project Briefing - PowerPoint PPT Presentation

Loading...

PPT – Welcome King County Strategic Priority Project Briefing PowerPoint presentation | free to view - id: 3c1f3-ZjhkN



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Welcome King County Strategic Priority Project Briefing

Description:

Program and Security Audits. 07/27/04. Strategic Technology Project Briefing. 4 ... Met with County's information technology vendors to find out how they can assist ... – PowerPoint PPT presentation

Number of Views:48
Avg rating:3.0/5.0
Slides: 82
Provided by: arnt
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Welcome King County Strategic Priority Project Briefing


1
WelcomeKing CountyStrategic Priority Project
Briefing
  • Office of Information Resource Management
  • July 27, 2004

2
King County Strategic Priority Project
BriefingLaw, Safety and Justice Integration
  • Trever Esko, Program Manager
  • Norm Maleng - Business Sponsor
  • Ron Sims - Executive Sponsor
  • Office of Information Resource Management
  • July 27, 2004
  • http//kcweb.metrokc.gov/oirm/projects/lsji.htm

3
Recent Activities
  • Prototype project completed
  • Jail Inmate Look-up Service (JILS)
  • Multiple components
  • Public facing internet site
  • Internal LSJ agency access
  • External law enforcement access
  • Back-end Web Service for peer-to-peer exchange
  • Initiated first official project
  • Booking and Referral Filing Project
  • Program and Security Audits

4
Major Efforts Underway
  • Booking and Referral Filing Project
  • First real project
  • Addressing highest priorities for criminal
    justice operations
  • Criminal justice activities associated with
    booking an individual into jail and law
    enforcement referring a felony case to the
    prosecutor
  • 105 work processes
  • 37 information exchange events
  • 5 King County agencies
  • 27 external agencies

5
Major Efforts Underway
  • Integration Foundation Architecture Development
  • Document the architecture that comprises the
    enterprise integration capabilities
  • Will be presented to technology governance
  • Components of Foundation Architecture
  • Integration concepts
  • Integration policies
  • Operational policies for integration center
  • Integration software tools and capabilities
  • Logical architecture of integration environment
  • Physical architecture of integration solution

6
Various Operational Needs
7
Addressing Operational Needs
8
Integration Components Required
9
Implemented Integration Stack
10
Other Activities Underway
  • Integration Security Audit
  • Specifically examine security issues and
    opportunities within the integration environment
    as implemented
  • Performed by third party (MTG Consulting)
  • Program IVV
  • Program audit by third party (MTG Consulting)
  • Part of voluntary program QA process
  • Environment Upgrade
  • BizTalk 2004
  • JusticeXML v3.0

11
Next Steps and Timing
  • Publish security audit and IVV
  • Q3 2004
  • Complete various upgrades
  • Q3 2004
  • Create Integration Foundational Architecture
  • Q3 2004
  • Continue Booking and Referral Filing
  • Q4 2004

12
LSJ-I Timeline
Implement Integration Solution
Improved Criminal History
Foundational Architecture
Pilot Project (JILS)
Booking and Referral Filing
Q2
Q4
Q1
Q3
Q1
Q2
2004
2005
Implementation of Integration Sub-Projects
13
King County Strategic Priority Project
BriefingInformation Security Privacy
  • Sharon Glein - Program Manager
  • David Martinez - Program Sponsor
  • Office of Information Resource Management
  • July 27, 2004
  • http//kcweb.metrokc.gov/oirm/projects/security_pr
    ivacy.htm

14
Program Objectives
  • Remedy information security vulnerabilities
  • Improve security and privacy awareness
  • Training for business and technical staff
  • Implement improvements to IT systems
  • Prevent security and privacy incidents
  • Recommend organizational changes
  • Ensure on-going management of security and
    privacy
  • Develop countywide security and privacy policies,
    standards and guidelines

15
Status 2nd Quarter Activities
  • Vulnerability Corrective Actions
  • Anitian, Covestic, RBA (security consultants)
  • Assessed corrective actions taken by agencies
  • Developed vulnerability identification and
    remediation procedures and provided instructions
  • Agencies continue to report progress

16
Status Selected Agencies Continue to Correct IBM
Identified Vulnerabilities
17
Status Consultants Assessment of Corrective
Actions Taken by Agencies
18
Status All Agencies Continue to Identify Fix
Mandatory Vulnerabilities
19
Status 2nd Quarter Activities continued
  • Security and Privacy Policies
  • Drafted Security Policy Framework and Enterprise
    Security Policy
  • TMB Security Sub Team meeting June 30
  • Drafted Enterprise Privacy Policy
  • BMC Privacy Sub Team meeting July 1

20
Security Policy Framework draft
21
Enterprise Security Policy draft
  • Security Principles
  • Accountability - Assessment
  • Awareness - Cost Effective
  • Equity - Integration
  • Management - Timeliness
  • Countywide policies
  • ISO 17799 compliance and minimum requirements
  • Countywide security
  • Chief information security officer, information
    security board
  • Agency security
  • Policies, procedures, subject matter expert

22
Enterprise Privacy Policy draft
  • Privacy Elements
  • Information Gathering Use - Information Sharing
  • Information Retention - Information Security
  • Right to Choose - Right to Know
  • Right to Inspect Correct - Commitment
  • Privacy Notice
  • Contact
  • Employee Expectations
  • Agency Policies
  • Agency Procedures

23
Status 2nd Quarter Activities continued
  • Security Privacy Training - tentative schedule
  • Security Essentials (July)
  • Risk Management (August)
  • Appropriate Use (September)
  • Social Engineering (October)
  • Security Issues in Hiring/ Terminations/Job
    Changes (November)
  • Privacy Expectations of Employees (December)
  • Security Issues in Working with 3rd Parties
    (January)

24
Status 2nd Quarter Activities continued
  • Security Tools
  • Met with Countys information technology vendors
    to find out how they can assist us
  • Drafted and issued RFI in July expect responses
    in early August

25
Next Steps for Agency Involvement 3rd/4th Quarter
2004
  • Vulnerability Corrective Actions
  • Agencies continue to complete identification of
    vulnerabilities, and remediate any found
  • Include any known vulnerabilities identified by
    Anitian, Covestic, or RBA as unresolved

26
Next Steps in 3rd/4th Quarter- continued
  • Security Policies to Technology Governance
  • July Security Organization
  • September Personnel Security
  • October Risk Management
  • December Asset Classification

27
Next Steps in 3rd/4th Quarter- continued
  • Privacy Policies to Technology Governance
  • July Privacy Notice
  • August Sensitive Information
  • September Personnel Privacy
  • October Data Classification for Privacy
  • November Privacy Audit and Compliance
  • December Privacy Requirements in System
    Development

28
Next Steps in 3rd/4th Quarter- continued
  • Security Privacy Training Sessions
  • Continue monthly trainings into 2005
  • Security and Privacy awareness training - begin
    in 2005
  • Security Tools
  • Review RFI materials and presentations
  • Participate in pilot testing activities

29
ISP Program Timeline
  • Complete Privacy Policies initiative
  • Vulnerability Corrective
  • Action initiative
  • Funding 2004
  • Begin Security Tools initiative
  • Security Policies initiative
  • Privacy Policies initiative
  • 2005 continued from 2004
  • Security Policies Tools initiatives
  • Begin Agencies
  • Cleanup
  • Vulnerabilities
  • Countywide
  • 2005 Dependent on 2005 Appropriation
  • Personnel Security Privacy Policy
  • Implementation
  • Risk Management Process
  • Privacy Tools
  • Transition to Security Organization
  • Begin Governance review of
  • Security and Privacy
  • Policies

Q2
Q4
Q1
Q3
2005
2004
Addressing Security Improvements
30
King County Strategic Priority Project
BriefingNetwork Infrastructure Optimization
  • Kevin Fung - Program Manager
  • David Martinez Program Sponsor
  • Paul Tanaka Program Sponsor
  • Office of Information Resource Management
  • July 27, 2004
  • http//kcweb.metrokc.gov/oirm/projects/NIO.htm

31
NIO Program Objectives
  • Mitigate network-related risks to King County
    business
  • Technology-related risks
  • Operational-related risks
  • Realize cost-savings from identified
    opportunities
  • Begin transition to next generation network
  • Develop countywide standards and guidelines
  • Prepare network infrastructure
  • Conduct pilots to solidify vision

32
NIO Current Status
  • Validation effort completed in early June
  • Many opportunities for improvement validated
  • Some opportunities require further analysis
  • Validation report available via OIRM intranet
    website
  • Improvement Measures Underway
  • Replacement of unsupported equipment
  • Change to King County Code
  • Migration to COAF (Centrex Over Alternate
    Facilities)
  • Formation of two new countywide groups
  • Network Change Management Board
  • Network Policy and Standards Development Team

33
Standard Centrex vs. COAF(Centrex Over Alternate
Facilities)
  • Standard Centrex
  • Phones individually connected to Central Office
  • Transport charge for each phone

(
(
(
(
(
Phone Companys Central Office
(
  • COAF
  • Individual connections bundled onto trunk line,
    fiber, or other alternate facility
  • Recurring cost of alternate facility less than
    sum of individual transport charges.

(
Alternate Facility
(
(
(
Phone Companys Central Office
(
(
34
NIO Validation Summary
35
NIO Phase II Deliverables
  • Consultant Validation Report available on
    website
  • Replacement of unsupported core routers.
  • King County code change for multi-year agreements
  • Migration of Centrex lines to COAF
  • Establishment of Network Change Management
  • Network policies, standards, and guidelines
  • IP Telephony (VoIP) and Wireless pilots
  • Use of King County resources to eliminate leased
    circuits
  • Service Metrics for KC WAN and Telecom
  • Publication of network OMS procedures
  • Advisory staffing plan for Network Services
  • Installation/configuration of network tools
  • Migration plan for convergence (next generation)

36
Network Change Management Board
  • Purpose
  • Define Network Change Management
  • Develop the change management process to be
    followed by all agencies
  • Countywide representation
  • Eventual transition to Operations
  • First meeting to be scheduled in August

37
Network Change Management Board Representatives
38
Policy and Standards Development
  • Purpose
  • Draft countywide network policies, standards, and
    guidelines to ensure consistency throughout the
    county
  • Types of Standards (sample list)
  • Protocols, IP addressing, HW/SW, interface,
    wireless, network security (firewalls, VPN,
    encryption, proxies, NAT, etc.)
  • Countywide representation
  • Proposals to pass through Governance process
  • First meeting to be scheduled in August

39
Network Policy and Standards Development
Representatives
40
NIO Phase II Timeline
Unsupported equipment replaced IP Telephony
Wireless Pilots Migration Plan for
Convergence Additional policies and standards
  • Continuing Effort on Phase II Initiatives
  • Continued replacement of unsupported equipment
  • Continued operational improvement
  • Continued standards development
  • Phaseout of non-IP protocols
  • Implementation of QoS
  • Additional pilots

COAF complete Service Level Agreements Published
Practices Network Tools Configuration
KC Code Change
First set of standards
Validation Complete
Q1
Q3
Q2
Q4
Q2
Q3
2004
2005
Implementation of Immediate Opportunities and
Transition to Next Generation
Validation
41
King County Strategic Priority Project
Briefing Business Continuity
  • Victoria D. Leighton Program Manager
  • Paul Tanaka Business Sponsor
  • David Martinez - Program Sponsor
  • Office of Information Resource Management
  • July 27, 2004
  • http//kcweb.metrokc.gov/oirm/projects/bc.htm

42
Program Objectives
  • Phase I
  • Identify business essential services and
    technology in support of the King County
    Emergency Management Plan and essential business
    operations
  • Phase II
  • Implement information technology business
    continuity policy
  • 2004 2005 Implement consultant recommendations

43
Methodology
  • Phase I 2003 - 2004
  • Identify business essential services and
    technology in support of the King County
    Emergency Management Plan
  • Perform a Risk Assessment of King County
    information technology
  • Perform a Business Impact Analysis of King County
    information technology
  • Purchase and populate business continuity
    database
  • Develop and approve countywide information
    technology business continuity planning policy
  • Develop countywide integrated information
    technology business continuity implementation
    plan (HowTo strategy for developing business
    continuity mitigation processes)
  • Implement consultant recommendations
  • Phase II 2004 - 2005
  • Implement consultant recommendations

44
Phase I
  • Request for Proposals July 2003
  • Final Vendor Selection October 2003
  • Contract Signed November 2003
  • Project Kickoff Meeting November 2003
  • IT Agency Risk Interviews December 2003
  • IT Business Impact Interviews January 2004
  • Draft IT BC Policy April 2004
  • Risk Assessment Report May 2004
  • Begin Populating BC Database June 2004
  • Business Impact Analysis Report July 2004
  • Recovery Gap Analysis Report July/Aug 2004
  • IT Business Continuity Aug/Sept 2004
  • Implementation Plan

45
Reports
  • Business Continuity reports are classified not
    subject to public disclosure
  • Completed and draft reports - posted to the
    Outlook Public Folders
  • outlook\\Public Folders\All Public
    Folders\Inter-Agency\OIRM\Business Continuity\Non
    Disclosure Reports

46
Risk Assessment Report and Business Impact
Analysis Recommendations
  • Establish an information technology business
    continuity policy
  • Develop written and tested business continuity
    plans (The County has acquired software to
    facilitate the process)
  • Develop security policies, guidelines and
    procedures
  • Improve network access security
  • Prepare backup and offsite storage standard
    operating guidelines
  • Improve the timeliness of backup and offsite
    storage

47
Business Impact Analysis FindingsAgency
Planning that Supports the EMP
Agency Readiness - EMP
48
Business Impact Analysis FindingsApplication
Recovery Objectives
Critical Applications
Agency Readiness Essential Business Services
49
2004 Implementing Consultant Recommendations
initial focus
  • Telecommunications
  • eCommunications
  • Redundant web servers to support the Emergency
    Coordination Center
  • Business Operations
  • Payroll check printing business continuity
    services
  • Alternate data center (warm site) for identified
    essential services

50
Resources on the Web
  • Check out our updated intranet site
  • New links
  • Reports
  • Presentations
  • Resource links from various sites of industry
    standards for implementing business continuity
  • We welcome your feedback, what would you like to
    see
  • Link
  • http//kcweb.metrokc.gov/oirm/projects/bc.htm

51
(No Transcript)
52
Agency Involvement
  • Completed as of July 2004
  • Business continuity point of contacts assigned
  • Attended LBL briefing on Risk Assessment and
    Business Impact Analysis
  • In Process
  • Identifying critical servers and their attributes
    Due 7/27/04
  • Review with feedback/written comments
  • Business Impact Analysis Report Due July 2004
  • Recovery Strategies Report Due July/Aug 2004
  • Countywide Information Technology Business
    Continuity Implementation Plan Due Aug/Sep 2004

53
Business Continuity Timeline
Major Milestones
Funding
Q2
2005
Q4
2004
IT Business Continuity Implementation Plan
Planning and Analysis
Begin Implementation Proposed Solutions
54
King County Strategic Priority Project Briefing
IT Organization Study
  • Jim Keller - Contract Administrator
  • TBD - Project Manager
  • David Martinez - Project Sponsor
  • Paul Tanaka - Business Sponsor
  • Office of Information Resource Management
  • July 27, 2004
  • http//kcweb.metrokc.gov/oirm/projects/Tech_Organi
    zation_Bus_Case.htm

55
Project Objectives (King County Council Proviso
14797)
  • Vision and Goals Statement
  • Quantifiable Business Case for Reorganization of
    Information Technology Functions Countywide

56
Approach (as identified in the proviso)
  • Vision Goals for IT countywide
  • Quantifiable Business Case for Reorganization of
    IT Functions Countywide
  • At least two options with some level of
    outsourcing and centralization
  • Countywide IT organization structure
  • Quantifiable cost-benefit analysis
  • Preferred option, with criteria used to select
    preferred option
  • Primary criteria to select preferred option is
  • To reduce IT management costs countywide

57
IT Vision and Goals (draft)
  • IT Vision
  • Utilizing information and technology to shape a
    better tomorrow by enabling public services and
    streamlining County-wide operations
  • IT Goals
  • Deliver responsive service to internal customers,
    the public, and other jurisdictions
  • Provide reliable, cost-effective technical and
    application architectures
  • Create enterprise-wide efficiencies
  • Support a culture of effective governance, clear
    accountability and communication
  • Ensure IT security and privacy
  • Facilitate information sharing internally and
    externally
  • Recruit, deploy and retain an appropriately-skille
    d workforce
  • Serve as a leader in IT regional initiatives

58
Organization Model Evaluation Criteria(draft)
59
Status
  • Request for Proposals February 2004
  • Consultant began work May 2004
  • Data collection on current
  • IT org geography of IT July 2004
  • Agency Interviews July 2004
  • Vision and Goals draft July 2004
  • Evaluation Criteria draft July 2004
  • Vision Goals to SAC Aug 2004
  • Business Case draft to review Sept 2004
  • Consultant report draft final October 2004
  • Consultant Presentations begin November 2004

60
IT Organization StudyTimeline
Consultant presentations of recommendations
Recommendation report and business case complete
Q1
Q3
Q4
2005
2004
IT Organization Consultant Study
61
King County Strategic Priority Project Briefing
Financial Business Case Analysis
  • Zlata Kauzlaric - Project Lead
  • Gary Lemenager - Contract Manager
  • Paul Tanaka - Business Sponsor
  • David Martinez - Program Sponsor
  • Caroline Whalen - Resource Coordinator
  • Office of Information Resource Management (OIRM)
  • July 27, 2004
  • http//kcweb.metrokc.gov/oirm/projects/qbc.htm

62
Objective
  • Develop Business Operations Model based onbest
    practices and Quantifiable Business Casefor
    implementation.
  • Support policy and budgetary decisions for
  • Transformation of business processes
    inpreparation for system replacement
    financial,budget, HR and payroll
  • Identify cost of information technology (TCO).
  • Deliver in time for the 2005 budget.

63
Project Web Site
http//kctest.metrokc.gov/oirm/projects/qbc.htm
64
Advisory Committee
  • Paul Tanaka - CAO
  • David Martinez - CIO
  • Shelley Sutton - Council
  • Leesa Manion /David Ryan - Prosecutor
  • Bill Wilson - Sheriff's Office
  • Rich Medved - Assessor
  • Paul Sherfey - Superior Court
  • Steve Call- Budget
  • Tricia Crozier - District Court

65
Project Team
  • Consultants Dye Management Group, INC., Pacific
    Technologies, Inc.
  • County Team Leads
  • Budget Jim Walsh, Budget Office
  • Financials Eric Polzin, DES/FBOD
  • Human Resource Pamela Harding, DES/HRD
  • Payroll Tracey Dang, DES/FBOD
  • Technology John Anthony, DES/ITS
  • Departmental Technology Leads and Subject Matter
    Experts dedicated to the project by the BMC
    members

66
Work Plan
DEC
JAN
FEB
MAR
APR
MAY
DEC
JAN
FEB
MAR
APR
MAY
1.0
Initiate Project
1.0
Initiate Project
2.0
Determine
2.0
Determine
Technology Costs
Technology Costs
3.0
Develop Business
3.0
Develop Business
Operations Model
Operations Model
4.0
Draft Business Case
4.0
Draft Business Case
5.0
Present
5.0
Present
Business Case
Business Case
67
Project Status
  • Technology Cost Report Completed
  • Technology Cost Updateable Model Completed
  • Business Operations Model Report Completed
  • Quantifiable Business Case Report Completed
  • Presentations under way

68
Technology Cost Report
  • The report represents the first complete picture
    of Countys IT spending.
  • It analyzes distribution of IT Labor, IT Goods
    and Services, and provides typical performance
    indicators essential for effective management of
    IT.
  • It can be further used as a starting point for
    evaluating the Countys approach to managing
    information technology.
  • The report is available at the OIRM web site
  • http//kcweb.metrokc.gov/oirm/projects/QBC/King_C
    ounty_TCO_final.pdf

69
(No Transcript)
70
(No Transcript)
71
Technology Cost Updateable Model
  • The deliverable includes
  • Repeatable Total Cost of Ownership Manual" on
    how to update the Model
  • Set of spreadsheets populated with collected
    data for the current Technology Cost report
  • The spreadsheets will be a starting point should
    the County engage into the Model update effort.

72
Business Operations Model Report
  • Assessment It provides assessment of current
    payroll, financials, human resources and budget
    businesses including people, processes and
    technology. The current operating cost is over
    80 million - includes central and departmental
    costs.
  • Evaluation The County is woefully lacking in
    modern processes and systems. It must change to
    meet vision and goals approved by the County
    Council.
  • Recommendation Business Transformation. It will
    bring contemporary financial and human resource
    best practices to King County. It potentially can
    result in almost 237 million net benefit over 10
    year, with initial investment of 71.5 million,
    and operating costs of 34.5million.

73
Business Case Report
  • The Business Case report describes why and how
    the county needs to improve, with implications of
    not pursuing the recommended improvements.
  • It is based on national standard, best practices
    for government, and countys Vision and Goals
    Statement.
  • The reports are available at the OIRM web site
  • http//kcweb.metrokc.gov/oirm/projects/QBC.

74
Business Transformation Example
  • The next three slides present an example of
    Business Transformation for financials business
    area.

75
(No Transcript)
76
(No Transcript)
77
(No Transcript)
78
Next Steps to Complete this Phase
  • Presentations to BMC, SAC, Executive, Council are
    being prepared, scheduled, conducted.
  • Dye Management presentation to QBC Advisory
    Committee and BMC is available on the OIRM web
    site.
  • Additional Task Complete and present Data
    Validation effort (comparison of IT cost
    collected from agencies and system reported
    data).

79
Next Phases
80
Thank You and Congratulations
  • Extended Project Team includes over 300
    County-wide staff subject matter experts for
    their business areas, and Technology Governance
    bodies BMC and TMB.
  •  Thank you to all County Participants for their
    work and support of the Project, and
    congratulations on successful completion of this
    phase!

81
Quantifiable Business Case AnalysisTimeline
Initiate Project
Dec 2003
Planning and Design
82
Thank youhttp//kcweb.metrokc.gov/oirm/index.ht
m
About PowerShow.com