- Optimizing storage space – The cost of real property dedicated to paper record storage is expensive and creates unnecessary risks. Additionally, the staff time needed to search, locate, and retrieve paper records is extensive compared to electronic search and recovery.
- Inventory stored records, both permanent and temporary – Records received by a government entity must be classified, recorded, and in many cases retained, increasing the investment cost in storage space and employee time.
NJ-GMIS, an association of Government Information Technology leaders, has announced that the 3rd Annual Cyber Security Awareness Seminar is scheduled for Wednesday, October 24, 2018 from 7:00 A.M. to 12:30 P.M. at The College of New Jersey (TCNJ), 2000 Pennington Road, Ewing, New Jersey.
Cybersecurity experts, industry executives, and public sector professionals will present important information for government employees on cyber trends, resources, policies, and solutions.
Registration is complimentary for public sector employees. Peer to peer networking and a tour of the TCNJ Computer Science Department will be included in the day’s activities.
Traditional IT has to make way for AI (summarized from InformationWeek)
The efficiencies that were realized in the transition that was made from a paper-based government operation to a computer-based information technology environment will be realized again with the transition to Artificial Intelligence (AI).
AI is “the theory and development of computer systems able to perform tasks that normally require human intelligence, such as visual perception, speech recognition, decision-making, and translation between languages.” It will be a reliance on productivity that can collect, interpret, and utilize data at a scale beyond human ability.
It is recommended that if there are funds remaining in a current IT budget, it is time to begin to direct those funds to AI.
SOMERVILLE, NJ – Linda Van Der Veen, an Information Technology professional at ATON COMPUTING, INC, has earned her Certification in Nursing Informatics.
Nursing Informatics (NI) integrates nursing science with multiple information and analytical sciences including computer science, information management, archival science, and mathematics to identify, define, manage, and communicate data, information, knowledge, and wisdom in nursing practice and information technology.
The American Nurses Association Scope and Standards of Practice states that in addition to improving overall health of the general population, NI supports activities including the identification of issues and the design, development, and implementation of effective informatics solutions and technologies within the clinical, administrative, educational and research domains of practice.
“Linda’s certification adds another dimension to the services offered by ATON Computing,” according to ATON principal Walter Hansen. “In addition to the numerous IT technical certifications that ATON employees have earned, we now have an ability to address healthcare and prevention issues for the public and private sectors clients that we serve.”
ATON focuses the expertise of its 9-person professionally trained staff on computer networking, business continuity, cloud computing solutions, and cyber security/risk management, providing handson hardware & software integration specifically configured to meet the technology needs of government and the private sector.
ATON’s web site at www.atoncomputing.com focuses on the core values of the staff and the range of services that includes custom Microsoft network design and installation, software program implementation, cyber security, and training that enhances efficiency, provides protection, and results in a positive return on investment
In addition to the NI Certification, the staff of IT professionals maintain current technical credentials including: Microsoft MCSE, MCSA, MCTS & MCP; Cisco CCNA, VMware’s VCP, A+ Core Services; numerous hardware & software product certifications.
Thirty-four technology companies have signed the “Cybersecurity Tech Accord,” a document that declares that the signatories will protect all of their customers from threats and will not “help governments launch cyber attacks against innocent citizens and enterprises from anywhere.”
The signatories include Microsoft and Facebook, Dell, VMware, HP and HP Enterprise, Cisco, Avast, CloudFlare, F-Secure, Symantec, Trend Micro, BT, Juniper Networks, and Telefonica, among others. Notably missing from the list are Google, Apple, and Amazon.
The accord, available here, has four key components:
- We will protect all of our users and customers everywhere.
- We will oppose cyber attacks on innocent citizens and enterprises from anywhere.
- We will help empower users, customers, and developers to strengthen cybersecurity protection
- We will partner with each other and with like-minded groups to enhance cybersecurity.
The accord is being referred to as a “digital Geneva Convention” to mirror the rules of engagement in technology in the same way that the Geneva Convention sets standards for conduct in war.
The issue is one of trust—”Just as people won’t put their money in a bank they won’t trust, people won’t use an Internet they won’t trust.”
The Accord is intended to prevent situations similar to the current Facebook scandal involving Cambridge Analytica and related organizations harvesting user data en masse and using it for psychologically tailored political advertising.
Full article at https://www.techrepublic.com/article/cybersecurity-tech-accord-sets-newprivacy-standards-for-tech-companies/?ftag=TRE684d531&bhid=189812
Take a Lesson from the Federal Government on Modernizing IT Systems
Reprint from the 2017 Report to the President on Federal IT Modernization
This report outlines a vision and recommendations for the Federal Government to build a more modern and secure architecture for Federal IT systems.3 Agencies have attempted to modernize their systems but have been stymied by a variety of factors, including resource prioritization, ability to procure services quickly, and technical issues.
Recommendations to address the aforementioned issues are grouped into two categories of effort: the modernization and consolidation of networks and the use of shared services to enable future network architectures. In addition to specific recommendations, this report outlines an agile process for updating policies and reference architectures to help the Government more rapidly leverage American innovation.
Network Modernization and Consolidation.
This report envisions a modern Federal IT architecture where agencies are able to maximize secure use of cloud computing, modernize Government – hosted applications, and securely maintain legacy systems. Specific actions in this report focus on the first two areas, where securely maintaining legacy systems is addressed in other areas of EO 13800. These actions enable agencies to move from protection of their network perimeters and managing legacy physical deployments toward protection of Federal data and cloud – optimized deployments. The report also emphasizes a risk-based approach that focuses agency resources on their highest value assets, per OMB’s authorities provided by the Federal Information Security Modernization Act of 2014 (FISMA)4 and OMB Memorandum M-17-25, Reporting Guidance for Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. The report addresses current impediments or obstacles to adopting modernized cloud technologies by piloting new implementation approaches, and using these test cases to inform rapid policy updates. The report also focuses on consolidating and improving acquisition of network services so that management of security services for networks are consolidated where possible and managed to high standards. Specific actions include:
1. Prioritize the Modernization of High-Risk High Value Assets (HVAs).
Prioritize modernization of legacy IT by focusing on enhancement of security and privacy controls for those assets that are essential for Federal agencies to serve the American people and whose security posture is most vulnerable.
2. Modernize the Trusted Internet Connections (TIC) and National Cybersecurity Protection System (NCPS) Program to Enable Cloud Migration.
Use real world implementation test cases to identify solutions to current barriers regarding agency cloud adoption. Update relevant network security policies and architectures to enable agencies to focus on both network and data-level security and privacy, while ensuring incident detection and prevention capabilities are modernized to address the latest threats.
3. Consolidate Network Acquisitions and Management.
Consolidate and standardize network and security service acquisition to take full advantage of economies of scale, while minimizing duplicative investments in existing security capabilities. Shared Services to Enable Future Network Architectures.
The following section of this report lays out an approach to enable, with ongoing Government- wide category management efforts, the Federal Government to shift toward a consolidated IT model by adopting centralized offerings for commodity IT. The recommendations detail steps to address current impediments in policy, resource allocation, and agency prioritization to enabling the use of cloud, collaboration tools, and other security shared services. For the purposes of this Report and its implementation, shared services is the provision of consolidated capabilities or functions (services and/or IT systems) that are common across multiple agencies. Shared Services can enable agency efficiency by reducing duplication and costs through consistent delivery of standardized capabilities or functions in ways that make the most of innovative processes and commercial solutions. Specific actions include:
1. Enable use of Commercial Cloud.
Improve contract vehicles to enable agencies to acquire commercial cloud products that meet Government standards.
2. Accelerate Adoption of Cloud Email and Collaboration Tools.
Provide support for migration to cloud email and collaboration suites that leverage the Government’s buying power. Define the next set of agencies to migrate to commercial email and collaboration suites.
3. Improve Existing and Provide Additional Security Shared Services.
Provide consolidated capabilities that replace or augment existing agency-specific technology to improve both visibility and security.
Resourcing Federal Network IT Modernization.
In order to implement the Federal IT modernization efforts outlined in this report, agencies will need to realign their IT resources appropriately using business-focused, data-driven analysis and technical evaluation. OMB will inform agencies that agency Chief Information Officers (CIOs) work with their Chief Financial Officers (CFOs) and Senior Agency Officials for Privacy (SAOPs), in consultation with OMB, to determine which of their systems will be prioritized for modernization, identifying strategies to reallocate resources appropriately. In accordance with the terms of agency contracts and consistent with law, agencies should consider evaluating ongoing and planned acquisitions that further develop or enhance legacy IT systems identified that need modernization to ensure consistency with broader IT strategies outlined in this report. Agencies should also emphasize reprioritizing funds and should consider “cut and invest” strategies that reallocate funding from obsolete legacy IT systems to modern technologies, cloud solutions, and shared services, using agile development practices and the best practices within GSA’s Unified Shared Services’ Modernization and Migration Management Framework,5 where appropriate.
Taken together, these recommendations will modernize the security and functionality of Federal IT, allow the Federal Government to improve service delivery, and focus effort and resources on what is most important to customers of Government services.
3. Not to include national security systems as defined in Section 3552(b)(6) of Title 44, United States Code.
4. Federal Information Security Modernization Act of 2014 (Pub. L. No. 113-283, 128 Stat. 3073), as amended. 5 Introduction to Modernization and Migration Management (M3), Unified Shared Services Management.
Remote desktop access through the internet represents a substantial risk to network security and should be avoided whenever and wherever possible.
If remote access is required, available options including LogMeIn, TeamViewer, Chrome remote desktop, etc. should be used only after taking precautions to improve security.
1) Your router/firewall should be configured to restrict access to only the necessary public IP addresses. This is the best way to secure the connection.
2) Default Network accounts with usernames such as “Admin” and “Administrator” should be disabled.
3) Configure Active Directory to lock out accounts after 3 or 5 failed sign-in attempts.
4) Ensure that all computers/servers being remotely accessed require strong/complex passwords (a minimum of 8 characters, including 1 upper case letter, one lower case letter, a number, and a special character).
5) Ensure that remote access to computers/servers be limited to authorized users specifically requiring connectivity to that machine.
Or, contact ATON Computing, Inc. at www.ATONComputinginc.com of at 908-725-3700 or your IT Professional for expert solutions to your IT issues.