Fast forward Georgia, Vol. 1, no. 2 (June/July 2002)

A Publication of the Georgia Technology Authority
Georgia takes the lead in electronic voting
A $54 million contract awarded to Diebold Election Systems, Inc. makes Georgia the first and only state to adopt a uniform electronic voting system in every county and to pay for its acquisition with state, rather than county, funds. GTA managed the bid, evaluation and award process and participated in contract negotiations. Diebold's system was chosen for its accuracy, ease of use, accessibility, training and technical support. "No technology acquisition has been more important or more carefully considered and managed than this one," said GTA's Larry Singer. "We're proud to have participated in this effort."
Georgia Secretary of State Cathy Cox tests one of the 19,000 new electronic touch screen voting units recently acquired by the state for use in all precincts.

Standards for wireless LANs weigh convenience and risk

Georgia Technology Authority

T he use of wireless technologies to transmit data is becoming increasingly popular because of their low cost, easy installation and convenience for users, but they can also leave a network wide open to intruders. That's why GTA is developing important new security standards for agencies to follow in setting up wireless LANs.
"Technology often moves faster than the laws and public policy governing it," said GTA's Larry Singer. "Consequently, the state is moving with extreme caution in its use of wireless LANs. We are weighing the convenience against the level of risk."
GTA asked state agencies for information about their use of wireless LANs earlier this year and delayed the installation of new ones until development of the new security standards. They are expected to be released this summer for state agencies to follow in implementing a wireless LAN and connecting it to the state's computing network.
The standards address a variety of factors considered essential to ensuring proper security across wireless LANs, including:

encryption, which translates data into secret code

authentication, a process for authorized users to identify themselves to the network

radio frequencies used to transmit data

protocols for connecting a wireless device

to the wired LAN

See Wireless LANS, page 8

June/July 2002

Volume 1, No. 2

Inside this issue

Information security starts at your desk . . . . . . . . 2

UGA's new telecom system provides advanced communications capabilities . . . . . . . . . . . . . . . . 3

Keeping your technology projects on track . . . . . 4

Agency IT group to advise on standards . . . . . . . 6

Seminar to help non-IT managers with basic tech concepts . . . . . . . . . . . . . . . . . . . 7

Information security starts at your desk

W hile many attempts to penetrate state computer systems come from the outside, the biggest threat comes from

authorized users who inadvertently leave the

system vulnerable. Most often, computer security

is compromised because of carelessness, not

maliciousness.

According to Bob Wynn, Ph.D., acting director for

GTA security, most computer crimes are committed

with the assistance of insiders, often

without their knowledge. He says the

key to information security is

awareness.

"It's the same for physical

and Internet security," Dr. Wynn

said. "Shocks like the attacks of

September 11 led us to focus on

things we hadn't thought much about.

The truth is we have to be more

conscious of security all the time."

He said it is very important to

know whom you're dealing with.

"Be suspicious of anyone who

calls you seeking personal

Bob Wynn

information or information

about your computer system.

They may be planning to hack into the system or

attempt to steal your identity." Dr. Wynn noted that

identity theft is on the rise, up 200 percent in metro

Atlanta during the past year.

Information security often has more to do with

the way people work than it does with technology.

Dr. Wynn's security tips are a quick way to protect

the information on your computer.

Security often has more to do with the way people work than it does with technology.

Don't choose an obvious password. Wynn says the biggest mistake people make is keeping the default password on their computer. Think of a password that won't be easy to guess -- don't use your birthday, address or children's names.

Change your password at appropriate intervals. The more sensitive the information on your computer, the more frequently you need to change your password.

Protect your password. You'd be surprised how many people write their password on a note and stick it to their computer. If you need to write it down, keep it in a secure place. Dr. Wynn also cautioned against giving out your password. "Anyone who really needs it, such as your system administrator, can get it."

Don't open e-mail or attachments from unfamiliar addresses. If an e-mail looks strange, delete it without opening it. Hackers sometimes use this ploy to gain access to your computer or destroy its files.
Use a password to deactivate your screen saver. A screen saver can be set to come on automatically after a certain amount of time passes without using your computer. Access to the computer cannot be restored until the screen saver is deactivated.
Turn off your computer. Turn off your computer when you leave the office or if you plan to be away from your desk for an extended period. At the very least, sign off from e-mail and all programs.
Safe at home
Many of us pay close attention to information security at the office but don't protect our home computers, Dr. Wynn said.
Guard against intruders. Whether you use a dialup or permanent Internet connection, you should install firewalls, anti-virus software and intrusion detection systems on home computers and keep them up to date. Dr. Wynn recommended buying popular security software, available in stores for only about $30. "Most people would be shocked to know how many attempts are made to break into their home computer," he said.
Keep an eye on kids and computers. If you have children, be involved in their use of the computer. A computer used by children should be placed in a common area of the house with plenty of walkthrough traffic. Avoid placing computers with Internet access in children's rooms where their use is difficult to monitor.
Be sure you know what Web sites your children visit and anyone they may be corresponding with. Don't rely solely on screening software to limit access to certain Web sites. They can be easily defeated or bypassed.
A little common sense goes a long way, Dr. Wynn said. "The bottom line is knowing what is going on around you."

Fast Forward

Georgia

Page 2

UGA's new telecom system provides advanced communications capabilities

A fter two years of planning, the University of Georgia finally has a new, state-of-the-art telecom system to more reliably meet its current and future needs as the state's largest institution of higher learning and one of the nation's leading research centers.
The successful conversion from an obsolete telephone system took place March 15. It affected 11,000 phones lines, 23 equipment locations, seven automatic call distribution systems, 4,000 voice mailboxes and 30 automatic attendants.
"It was a great team effort," said Judy Howell, who heads UGA's Telephone Services and worked closely on the migration with Robert Penland of GTA's Telecommunications Division. GTA assisted UGA with procurement of the system, which involved issuing a request for proposal so all interested vendors could compete on an equal basis. Separate teams evaluated responses based on their technical and financial merits. GTA's telecom crews also took part in the installation and testing of new equipment.
UGA isn't the only state entity in Athens and Clarke County to benefit from the new telecom system. The Georgia Bureau of Investigation, Georgia State Patrol, Family and Children Services, Soil and Water Conservation Commission, Medical College of Georgia School of Nursing, Advantage Community Service Board, and the Departments of Corrections, Labor and Revenue also relied on the old system, which was difficult to repair since replacement parts were often no longer available.
Enhanced 911 speeds emergency response
The new system's advanced technology is already providing UGA and nearby state agencies with greater reliability through its use of fiber optics. Meanwhile, its enhanced 911 capabilities are helping to shorten the time it takes public safety workers and medical personnel to respond to an emergency on the UGA campus. Whenever someone dials 911, the system sends an alert to UGA's public safety office at the same time that it calls the 911 response center. The alert to campus officials includes the location where the call was placed so they can immediately head to the scene. In addition, the system automatically dials an extra 9 to get an outside line, which someone may forget to do in the haste and confusion of an emergency.

Other aspects of the new system aren't being

used just yet, but they're essential for the kinds of

changes that are steadily making their way into

everyday business life and transform-

ing the way people communicate and share information.
The system has the capability to

Smaller, more capable components reduced the

combine computer and telephone

number of equipment

technology in a way that will eventually enable call centers to provide

cabinets from 51 to 11.

higher levels of customer service. For

example, when a student calls the university's

financial assistance office, the system can associate

his or her name with the incoming telephone

number and automatically display the student's

information. It's complete and readily available in

one place.

One network for the future
The system can also use voice over IP to transmit voice in the same way information is sent over the Internet. Eventually only one network will be needed to make telephone calls, send e-mail, save files to a LAN server or pull up a Web site. When a single network is in place, workers will also be able to set up conference calls between UGA offices in different areas of the state without using an outside company. It also means they'll save on long-distance charges.
Advances in technology often mean that smaller and smaller components can do more and more, and UGA's new telecom system is no exception. It reduced the number of equipment cabinets from 51 to 11.
With its advanced communications system, UGA is ready to take advantage of the greater productivity and convenience that technology makes possible.

IT I.Q.
Moved to Atlanta?
Atlanta has found its way into the high-tech lexicon, according to Webopedia, the online dictionary for computer and Internet technology.
"Moved to Atlanta" is a reference to Web pages that disappear and leave only "404 File Not Found" errors in their place. The reference comes from Atlanta's 404 telephone area code. Web pages that produce 404 errors are said to have "moved to Atlanta."

Fast Forward

Georgia

Page 3

Keeping your technology projects on track

T hree out of four IT projects fail--meaning they miss the mark on budget, timing or performance. The most common reason?

A lack of effective management.

Peggy Joyner

The GTA Program Manage-

ment Office (PMO) works to better

the odds for state agencies

embarking on large IT projects.

The office's program manage-

ment professionals help teams,

divisions and agencies through all

phases of project development

and implementation.

PMO Director Peggy Joyner

answers questions about project

management and the value it

There's as much work to be done on the business side as on the technology side.

brings.
What is project

management?

What is the most important aspect of managing a project?
If a project isn't successful, it's most often because critical steps were missed. For example, it doesn't work if the business folks simply hand off the problem to the IT folks with little more than "I need a system that..." You need more information to get an effective product. There's as much work to be done on the business side as on the technology side.
Addressing critical components on the front end greatly increases the chances of success. That's where our staff comes in. Our project management consultants help plan the project and stay involved through completion. Many of our team members have earned professional certification in project management, the industry's most recognized and respected credential.
What role does the PMO play in agency IT projects?

It's simply people interacting

We look at it this way: We're your partner, and

with people to get a job done. It's

we share an equal responsibility for the project's

achieving objectives to meet

success in meeting your business needs.

business needs.

In most cases PMO staff function as consultants,

From a strategic perspective,

acting as coaches or mentors to agency project

project management ensures that managers. Having another perspective helps

projects are correctly

ensure the quality of the

identified, prioritized and managed in

It's not enough to meet

project. We can assist in making sure that important

relation to the goals

the project requirements

components aren't over-

We're your partner and share responsibility for success.

and objectives of the organization. It also clearly lays out the

if you don't meet the business need.

looked. That can be the difference between success and failure.

work activities

In one instance, we

necessary to accomplish the

turned a project back over to an agency and then

business requirements the project is were asked to continue to be involved. It's very

designed to meet.

gratifying when the relationship works well and the

We help agencies integrate the agency is so pleased with our contribution.

discipline of project management into their IT projects. We follow the practices of the national Project

Does the PMO assist with all IT projects?

All the documents in the world won't make a project successful.

Management Institute and are continually refining our own methodology. A variety of helpful tools will be available on our upcoming Web site. Although

GTA is mandated to oversee and manage large IT projects costing more than $1 million, projects with the potential to exceed $1 million and those for which a governance body requests our assistance.

agencies can use other method- When does the PMO get involved?

ologies if they choose, we believe our approach offers consistent practices and leading-edge industry standards which will encourage synergy among agencies.

In short, the earlier the better. Before a project even begins, we ask several key questions: Have the project's benefits, costs and risks been identified and discussed? Does it have executive

Fast Forward

Georgia

Page 4

sponsorship? Has the project been prioritized in relation to other projects? Answers to these questions guide the direction we take.
Sometimes agencies find themselves in "analysis paralysis," unable to decide how to begin to tackle a large project. We encourage an iterative process that divides the project into smaller tasks, enabling the team to progress and deliver.

Will project management services be available to local governments?
Yes. The PMO will offer consultation services to city and county governments. We will be able to provide assistance at a much reduced cost with the added value of our experience in managing government projects. We expect to make those services available this fall or winter.

Do you approach all projects the same way?
No. Each project and each organization are different, and any project management solution has to recognize that distinction. While the basic methodology is the same and follows industryaccepted standards, we tailor our approach.
One project may require more testing before launch; another may call for more contingency planning. In some projects, business process re-engineering is critical. It's not enough to meet the project requirements if you don't meet the business need. In all cases, you have to consider the business objectives, stakeholders and the environment.
Does project management mean extra paperwork?
Actually, no. The plans and tools generated during a project serve an important purpose. They keep the project from being dependent on an individual. If one staff person is away, someone else has to be able to pick up the plan and move the project forward.
That said, all the documents in the world won't make a project successful. It's the knowledge contained in them and the synergy resulting from the process that bring success.
Will the PMO offer training for agency project managers?
Yes. We're trying to work ourselves out of business. We're aiming to shift from overseeing projects to building capability and capacity within agencies.
We'd like to see more certified project management professionals in state government, and we'll continue to facilitate certification study groups. Every participant in the two groups we have sponsored so far achieved certification.
We also will start a project management academy composed of project management professionals throughout state government to offer training, advice and communication. The academy will then be able to train agency staff at a fraction of the cost of training in the private sector.

"It's impossible to manage large initiatives without planning..."
Sandra Haga can't imagine doing her job today without project management. The assistant commissioner for technology for the Georgia Department of Revenue (DOR) remembers all too clearly how things used to be.
"We began from ground zero," Ms. Haga said. "We didn't have any project management standards, and we had several projects in trouble, and no one knew the status."
Ms. Haga began working on methodology, standards and status reporting. "We worked closely with GTA's Project Management Office and shared ideas about what does and doesn't work."
DOR also began using project management principles to prioritize work and workload. The agency established an initiative review board to assign priority to each project, implemented a tracking system and began using forms and tools to help manage projects. "Before, we had many initiatives and very little prioritization. Everyone wanted everything at one time, and there simply were not enough resources to do that."
Ms. Haga has heard all the objections to applying project management principles--commonly, too much planning and paper--but she sees it as the best way to get the job done. "It's impossible to manage large initiatives without planning and status reporting. On a week-to-week basis, you can see if you're getting offtask, which makes it much easier to get back on track fast."
She has found that project management also aids in allocating resources. For example, if several members of the team are pulled from a project because of another task, managers can readily see the impact.
"If you aren't tracking and managing and using the right tools, you can't do that," Ms Haga said. "The best you can do is guess, and that's not good enough."

Fast Forward

Georgia

Page 5

Agency IT group to advise on standards

More than a dozen state agencies have selected

representatives to serve on the Georgia Enterprise IT

Leaders Forum (GEITLF).

GEITLF members

The group will assist GTA

Public Safety: Major Corky Jewell Audits: Lynn Bolton Industry, Trade and Tourism: Jeff Strane DOAS: Steve Fanczi Georgia Public Broadcasting:
Mike Nixon Community Affairs: Bill Folsom Motor Vehicle Safety: Wayne Phillips

in developing technology standards and providing education and training about the standards.
State agencies and GTA recently agreed to expand the membership of GEITLF and the scope

Treasury: Lisa Ferguson

of its work. In its new

GBI: Paul Heppner

role, the group will

Merit System: Deborah Belcher

influence high level IT

Corrections: Chuck Burden

decisions by recom-

Natural Resources: David Benoist

mending participants for

Transportation: Mark Swartz

work groups on state-

Revenue: Sandra Haga

wide standards that

Human Resources: John Hurd

promote interoperability

Teachers Retirement System:

and security. They would

Greg McQueen

also propose develop-

Technical and Adult Education:

ment of agency-specific

Debbie Dlugolenski

standards, advise

Community Health: Wade Miller

agency heads about the

policy implications of

proposed standards and sponsor educational

forums about standards to be adopted.

Lawmakers fund portal, data center modernization
T he General Assembly approved $8 million to fund development of Georgia's new portal, which will make it easy for citizens to find government information and services on the Web. The portal will connect families in need with services provided through the Department of Human Resources and local public and private agencies.
Lawmakers also authorized the issuance of $18 million in bonds to purchase a new data center facility. The current facility lacks many of the modern features now considered essential for reliability and security. GTA's extensive research revealed it would cost at least $32 million to construct a new facility. Numerous existing data centers are currently available in metropolitan Atlanta at reasonable costs because of the decline in dot-com and technology companies.

New technology expenditure reporting instructions to be issued by OPB and GTA
OPB and GTA will issue joint budget instructions for requesting IT expenditures in an effort to eliminate duplication and unnecessary paperwork. In addition, state agencies will be asked to prepare an annual expenditure report incorporating information required by the General Assembly.
Several state agencies are consulting with OPB and GTA on the joint instructions for fiscal year 2004. The instructions will ask for a briefing paper on new IT projects that cost more than $100,000 and for cost breakouts by application and for consultants, licenses and maintenance agreements for continuation items.
According to Roosevelt Council, GTA chief financial officer, the application breakout information will provide a basis for doing a cost-benefit analysis that can demonstrate how information technology appropriations support critical services. Sharing information and comparing prices among agencies also will strengthen the state's negotiating position for future purchases.
Lynn Ladd, GTA's director of budget and rates, expects the new instructions to be less time consuming for agencies and more useful in planning and budgeting for IT. "Sometimes, it's difficult for people to see the connection between appropriations and the services they support," she said. "The information will help elected officials, agencies and the public see how the money is used."
Reporting on IT purchases is mandated by the legislation that created GTA. Agencies will be asked for quarterly and annual financial reports based on those requirements, which will eliminate monthly reporting.
For the FY 2002 report, agencies will be asked to provide information available within the current financial framework. This year's report will include expenditures by application; line item detail of all IT expenditures; status of systems currently under development; and assets or value of current inventory related to IT. Reports for future years will be expanded, but overall, less detail will be required.
Agencies will receive instructions for preparing FY 2002 reports by June 30.
The reports will be due to GTA by September 1. GTA will compile the information and generate a report for the Governor and General Assembly by October 2002.

Fast Forward

Georgia

Page 6

Seminar to help non-IT managers with basic tech concepts

S tate agencies are invited to send senior non-IT staff to a day-long seminar on basic information technology concepts and practices. GTA is offering this seminar a second time, based on favorable responses to the first seminar held in April 2002.
The seminar is structured to help managers who don't have a technology background understand issues involved in information management. "Techie" terms are defined, and presentations highlight how developments such as enterprise computing and security breaches affect agency operations.
Dana Russell, commissioner of the Department of Administrative Services, said he plans to send all of his program managers to the next seminar because "it will help them better understand the systems that support their business operations. This knowledge will not only allow them to communicate better with our IT staff, but also inspire them to envision better ways to move and share information--ultimately improving service to our customers."

What stands out in Jane Shah's mind is the

questionnaire used in the seminar section on

security. "It's a great tool to use in working with your

IT people to share an

understanding of how important security is and the checks and balances we need to be mindful of," said

The seminar will help program managers better understand systems that support

Ms. Shah, deputy

their business operations.

executive director of

the Georgia Student Finance Commission. Other

sections cover milestones in hardware and software

development, networking and telecommunication,

computer architecture and interoperability.

The seminar will be held June 28, 2002,

8:30 a.m. 4:30 p.m., at Kennesaw State University

(KSU). To register by phone, call KSU's Vita Brown at

770-423-6784 or 1-800-869-1151. You may also

enroll by e-mail at vbrown@kennesaw.edu.

What's in a (domain) name?
Singer to help guide national initiatives on Internet addresses

Georgia CIO and GTA Executive Director Larry Singer is participating in separate initiatives to shape the use of Internet domain names .gov and .US.
Some state and local governments currently use .gov as their domain name, while others use a variety of other suffixes. Mr. Singer is part of a group convened by the U.S. General Services Administration to make rules to allow state and local governments to use the .gov domain name to make it easier for users to reach government agencies electronically. The federal Office of Management and Budget and General Accounting Office also are working on rules for using .gov.
"Right now, reaching government agencies can be difficult if you don't know their exact Web address," Mr. Singer said. "A standard domain name will help alleviate the confusion and frustration." Singer said that over the next year, state agencies in Georgia will be able to adopt .gov for their Web presence and e-mail.
Mr. Singer also has been appointed to a council responsible for policy recommendations for .US (pronounced "dot US"), the official Internet domain name of the United States.
Individuals, organizations and businesses in America can now get a .US Internet address, which

can be used for e-mail, a Web site or both. Unlike

popular domains such as .com and .org, country

codes such as .US are assigned to each country to

manage as they please. Until now, the United States

reserved the .US domain primarily for state and local

governments, schools and libraries.

People can now purchase the .US

State agencies in

address they want and keep it even if they change Internet service providers. Mr. Singer will focus on protecting the integrity of the public

Georgia will be able to adopt .gov for their Web presence and e-mail.

sector's use of the .US domain,

allowing state and local governments to reserve all

.US domains that might be interpreted by the public

as being related to an official government site.

The 10 member council will assist with critical

policy issues for .US and is facilitated by NeuStar,

the firm selected by the Department of Commerce

to manage .US. Policy council members are experts

in many areas, including Internet and communica-

tions technology, Internet policy, business, intellec-

tual property, government affairs, consumer issues,

and knowledge of existing uses of the .US domain.

For more information about .US addresses, visit

http://www.about.us.

Fast Forward

Georgia

Page 7

Legislators set up overview committee
G eorgia's General Assembly has passed a bill establishing a six-member overview committee to periodically assess GTA's progress in achieving legislatively mandated goals.
The bill, HB 1445, was one of several technologyrelated measures considered by lawmakers during this year's session.
The overview committee is also charged with reviewing GTA's operations, contracts, financing and organization. It is similar to committees set up for the Georgia World Congress Center Authority and the Metropolitan Atlanta Rapid Transit Authority.
Members will be appointed by the Speaker of the House and the President of the Senate. They will each name three members, and one from each group of three will be named as a co-chair.
Georgians online
Georgia continues to lead the country in the number of people filing state income tax returns electronically, with 1.5 million Georgians filing online in 2002. The number has increased by at least 200,000 people every year since online filing became available in 1997.
The state's Web site is growing in popularity. Almost 3 million people visited the state of Georgia homepage in 2001.

Wireless LANS, from page 1
physical protection of wireless devices, particularly laptop computers
processes for authorizing and documenting changes to wireless LANs.
The standards require ongoing audits, both realtime and historical, to make sure their provisions are being followed. They also call for periodic assessments to determine whether unauthorized connections or changes to the LAN have taken place.
Focus on the way people work
But the standards address more than technical factors. They also focus on the way people work and call for training to raise awareness about security issues. Seemingly innocent actions on the part of users can make it easy for hackers or others to gain unauthorized access to sensitive data.
"It's essential for workers to understand the vulnerabilities of the technology they use," Mr. Singer said. "Contrary to what most people think, workers who are authorized to use the system are responsible for the majority of security lapses. They don't do it deliberately. They just don't understand how vulnerable networks can be and the small steps they can take to make a big difference in security."
See page 2 for an article outlining some of those small steps that everyone should take to protect their computers at work and at home.

Fast Forward Georgia
Published bi-monthly and available online at www.gagta.com 100 Peachtree Street, Suite 2300, Atlanta, Georgia 30303 404-463-2300, FAX 404-463-2370
Paula Calhoun and Michael Clark, Editors; Sherry Britt, Designer
GTA Division & Office Directors
Larry J. Singer CIO & GTA Executive Director, ljsinger@gta.ga.gov Tom Wade Chief Operating Officer & Deputy Director, twade@gta.ga.gov
Steve Nichols Chief Technology Officer & Deputy Director, snichols@gta.ga.gov Cigdem Delano Assistant Director, cigdem@gta.ga.gov Chris Tomlinson Assistant to the Director for Policy, ctomlins@gta.ga.gov
Kerry Bass Director, Agency Relationship Management Division, kbass@gta.ga.gov Roosevelt Council Chief Financial Officer & Director, Financial Division, councilr@gta.ga.gov
Renee Herr Chief Network Officer & Director, Telecommunications Division, rherr@gta.ga.gov Gina Tiedemann Director, GeorgiaNet Division, gtiedemann@gta.ga.gov Derrick Wheeler Director, Information Resources Management Division, dwheeler@gta.ga.gov Joyce Goldberg Director, Office of Communications, jgoldberg@gta.ga.gov Danette Joslyn-Gaul General Counsel, Office of General Counsel, dgaul@gta.ga.gov Sondra Rhoades-Johnson Director, Office of External Affairs/Business Development, sondrarj@gta.ga.gov
Beverly Walker Director, Office of Human Resources, bwalker@gta.ga.gov Robert Woodruff Director, Office of Technology, woodruff@gta.ga.gov

Fast Forward

Georgia

Page 8