Volume 5 No. 4
May 4, 1978
"Mr. Leonard Nord, Director" Department of Personnel
Golden Carriage, Olympia
Want to know all about the upcoming Salary Survey? or What has been happening lately in the Department of Personnel?
Come to the May meeting of the Association and find out. We are please to have Mr. Leonard Nord, Director for the Department of Personnel, as our speaker.
A graduate of the University of Minnesota in 1950, Mr. Nord became employed with the Minnesota State Civil Service Department through 1953. Since then he has worked for the Washington State Personnel Board as Supervisor in Classification and Pay, as Personnel Manager with the Department of Institutions, and in 1967 he became Director of the Department of Personnel.
Mr. Nord is a past member of IPMA Executive Council and past President of the State Personnel Administrators Association.
The May Association meeting will bring you up-to-date on Department of Personnel activities.
ROBIN H. TRENBEATH
Robin H. Trenbeath began his data processing experience by working as a System Assistant for Highline School District in Seattle during his senior year in high school. He continued to hold this position part-time while earning his degrees at the University of Washington in Seattle. His Bachelors in Marketing and Finance was attained with a grade point average of 3.05, " and his Masters in Business Administration with a GPA of 3.56.
His next position was Project Supervisor for Snohomish County in Everett, where he gained experience in a teleprocessing environment. His central project responsibility there was in Criminal Justice applications.
Robin next moved to Computer Systems, Inc. (CSI) in Seattle, where he worked as project manager and Systems Analyst on such projects as: An Assessor's Record Management System for Yakima County; an accounting study for the State Department of General Administration; and a sign inventory system for the Traffic Engineering Department, City of Spokane. While at CSI he was involved in bid estimating, company resource allocation, and marketing to outside clientele.
In January 1974, Robin came to Olympia as the Information Systems Director for the Administrator for the Courts Office. His responsibilities have included the budgetary and organizational planning for the development and implementation of a centralized, statewide judicial information system under the supervision of the State Supreme Court. Robin is charged with directing data processing support for all the courts in the state; and therefore, works closely with and is staff support to the Judicial Information System Committee recently established by Supreme Court rule.
The plan for implementation of the statewide Judicial Information System is to bring on, county by county, an index of all names associated with a case, including the plaintiff, respondent, lawyers, and witnesses. The system will include docket- accounting, and calendaring, and will enable on-line tracking of the status of each case. The use of Adabase- will allow court personnel to query the files. When fully operational, the system will have 400 to 500 terminals on-line to an IBM 3031 located in the basement of the Public Lands Building. While the cost benefit analysis does not project any court staff cuts, it does show a slowing in the rate of hiring. The expected break-even point for the Superior Court system is in 1983 and by 1985 the return to the taxpayer is estimated at over $1,000,000 per year and exculating. By 1985, the system will be handling 200,000 transactions daily during normal office hours.
Robin played football in high school, and stays, active in racquetball, salmon fishing and bow hunting. His is a member of the Washington State Bow Hunters Association and has brought home four deer in the past eight years. Other hobbies are photography and painting landscapes and abstracts. He likes historical novels and anthropological nonfiction. He is a member of the Young Men's Business Club and committee chairman of the Centralization/Decentralization Policy committee for the Data Processing Authority.
Robin's wife, Barbara, is an active tole painter and a member of the Pacific Pallets. She also enjoys working around their home on Johnson Point and taking care of the family pets, Beauregard and Charlie. Another activity which keeps her busy is the annual visit by two nephews for their summer vacation.
When he assumed his current responsibilities, Robin wrote a "Shop Philosophy" which serves both as an introduction to new staff and a constitution for the organization. The document is best summarized by Robin's conviction that: "Resources make things possible People make things happen."
All of us have experienced some difficulties with trying to fill vacancies with candidates referred by the Department of Personnel. Why is it that some candidates are unsatisfactory? Sure they appear to possess the necessary education and have the amount of time on the job to meet the minimum qualifications; but, isn't there more to the picture than just education and longevity?
We are all to blame for permitting these candidates to gain admission to and to sit on registers and, on occasion block our attempts to hire competent employees.
We have all been exposed to the incidents where supervisors have pawned off an incompetent employee to another agency. Soon after, the employees moves to another agency. This vicious cycle must stop. As managers we must be honest to each other.
How many data processing shops have employees who have been pushed off into a corner to stagnate? How many corners are there?
Let's face our responsibilities as managers. If an employee can't or won't produce, terminate him or her. Get them out of state service, not just your shop.
Let's improve our data processing registers. When you or a subordinate sit on an oral examination panel, be prepared, know what is expected of the candidates. It the candidates -fail to demonstrate that they possess the knowledge, skills, or ability to perform, then don't pass them.
Let's Put Models In Management
Do you have the feeling your workload is increasing while the resources available to accomplish the work are shrinking? Perhaps you have concluded that you . . . "can't get there from here."
This condition is relatively common among managers and is described in the following model.
*The overload situation where an individual cannot properly discharge his duties and responsibilities in the time available. This model is based on the maxim - - "Don't put out more tomato plants than you can carry water to."
How do we wind up with the Tomato Plant Problem? There are at least four reasons:
As managers, you have three responsibilities with regard to the "Tomato Plant Problem."
*Taken from Model-Netics, a copyrighted program of Main Event Management Corporation, Sacramento, California.
Mike Pennachi DOL
Because of the recent discussion within the Association concerning an Agency based organization versus a professional organization, I asked Mr. Branscomb to submit the following article. Perhaps there is a need for a DPMA in Olympia.
A professional organization's primary tasks are to look after the advancement of its profession, to provide information and education and to make contributions to the environment it affects.
Data Processing Management Association (DPMA) is structured from the individual member making approximately 270 Chapters world wide that are divided into Regions which are tied into one International Office in Parkridge, Illinois. It is at the Chapter level that responsible and concerned professionals have the opportunity to grow and to share that growth so that their profession continues to mature and to be an asset to the community. DPMA Chapter activities are supported at the Region and at the International level through various publications, educational programs, an Annual International Meeting, and two Region Conferences each year.
It would be my pleasure to attend one of your meetings for a further discussion of the DPMA.
Dale R. Branscomb, CDP International Director
DPMA, Puget Sound
IN THE END, THERE IS MAN
Computer security is something nearly everyone wants, no one entirely has and few people know how to get. The subject is almost a contradiction in terms, for what is a computer but a fast way to use and store data? Security implies restricting that use. Was it not data processing that inspired new ways and new magnitudes of errors. Now there is the realization that it is necessary to have some degree of control over this incredibly advanced technology. That control is called security.
Ask ten people their definition of security and there will be ten different answers. Are guns and bullets and articles of war relevant to computer security? Man has become -hopefully -- much too civilized in this industry for that. What about the common bar magnet? An instrument, yes, but one that's been addressed. There are magnet detectors and card entry systems -- like State Farm Auto Insurance in Bloomington, Illinois, where an IBM System 7 monitors the doors. If it detects an illegal entry -- even tailgating -- a burly security guard is dispatched to the scene.
Is natural disaster a part of the problem? It undoubtedly is, but companies have taken care of that, too. Computer rooms are built on the highest ground in the country. Buildings rest on giant springs in case of earthquakes. With direct lines to local power plants and auxiliary power in the basement -- it's all figured down to a probability of occurrence computed from data gathered over the last hundred years.
What, then, is there left to this discussion on computer security?
The human mind.
Here we are today sitting in the midst of exploding technology, with little control over the ramifications of such technology. The impact of data processing has been total. Absolutely everything we sue or buy or wear or see has, in some way, been influenced by the computer. Both applications of computerization and the concern for security over that technology have accelerated recently with the advent of teleprocessing and telecommunications.
Belden Menkus of Bergenfield, New Jersey, is an independent consultant on computer security, who, over the last 30 years, has authored millions of words of wisdom about the state of the dilemma. His mind is one of the world's most fertile reservoirs of information on where we are -- and where we are going -- in the context of workable computer security.
"In the batch environment, keeping track of things and what is done with them is relatively easy," he said. "But the world is going on-line. And with the computer terminal comes an unprecedented accessibility to data. There isn't a security system in use today that can prevent some kind of computer access from terminals outside the installation." Yet applications for on-line computerization continue forth limited only by the imagination.
Look at the remarkable Santa Monica experiment: To test the use of a cable TV/computer tally of public opinion during city council meetings, issues were capsulized from the meeting, broadcast over cable TV, and using a switchbox device like some hotels use to show movies, people could vote on the issues. The minicomputer received the signal, validated the person's voter registration, checked to see if he had voted before on the issue, and tallied the count. The experiment was successful on a test basis, but imagine a national election via television. It is technologically possible to "stuff the ballot box" such as was undreamed of by the most ambitious politician -- even if there is hard copy output at the counting station.
Extend this one application to others and talk about on-line catalog purchasing via the telephone. Or what about electronic transfer of funds (EFTS)? Many EDP auditors in the banking industry are professionally holding their breath hoping EFTS stays under debate until they retire -- because, they say, keeping control of it will be a nightmare. What about a computerized stock exchange that includes transfer of securities, and weapons defenses that exchange data? These is no doubt it is absolutely essential that some method or means be formulated to insure security online.
The problem broadens and deepens with the very distinct trend in business today that says more people not specifically trained in data processing are getting involved with it in some way -- more and more -- every day. According to the National Association of Industry and Commerce, which does a nationwide poll every ten years, only 2.8 percent of upper management business in 1966 had any direct contact with DP. In 1976, however, that figure was 53 percent. Toss in burgeoning ranks of EDP auditors, RJE branch offices, and terminals -- terminals everywhere in the sales office, in the purchasing department, on the loading dock, even at the receptionist's desk -- and we have begun to scratch the surface of DP use today.
Thus are we to bolt the doors and thicken the walls? Build the data center above highest recorded flood stage? Spend thousands of dollars on magnet detectors? Pack in alternate power sources and post round the clock battalions of armed guards? The computer still is not secure. Between all the applications and the DP machines stands the human mind. Computer security expert Don Parker of Stanford University is often quoted as saying, "The computer programmer has more ways to do damage than any ten criminals with a gun. He is potentially the greatest danger to the business community today." But perhaps worse than the intentional damager-doers is the person who would devastate whole man-years of effort through one mistake... an honest, naive mistake. That person is often undetectable.
The problem, then, is twofold: how to prevent the technical bad guy from using the computer to do nasty deeds; and how to minimize damage done by the honest mistake.
Stopping computer wizards with a will to do damage is next to impossible. Data processing is a man-made entity, and whatever man has put together, some other person can manipulate for his own benefit. Given enough time and opportunity, the precocious programmer can do just about anything he pleases.
The approaches being taken today to thwart such activity are applied on a basis of creating a degree of difficulty. For example, encryption of data -- it is a common belief that if one doesn't want an unauthorized person to see or understand data, then it can be scrambled. Transparently to the programmer, one can de-intelligize it at input and translate it upon output. The method varies from a simple bi-reversal to a complex multilevel algorithm, depending on the internal requirements of the facility. Such a solution for disguising data is highly touted by independent consultants such as James Kitchen, who writes about such things in the DP journals.
But is encryption an answer? Certainly not a panacea solution, encryption only works if it has a better than 1,000hour code-cracking coefficient. Any less time needed to crack the code would be feasible for the determined data thief. But over 1,000 hours will give the routine a reasonable life before it must be changed.
Certainly, encryption is one answer, but it is complicated to maintain and change, and sometimes data gets lost during teleprocessing and finds its way back into the sending system in a scrambled format, at which time it becomes difficult to find and repair.
What about passwords? In the batch environment, passwords or programmer ID tends-to work fairly well for at least keeping tract of who is doing what, and to whom, how many times. In the terminal environment, passwords have some shortcomings.
They begin when a programmer decides to go to lunch while his job is awaiting execution. He tells a colleague what the password is that's needed to run the job while he's gone. Suddenly it's not a secret anymore. There are even shops that use programmers first names for their passwords. Hardly an unbreakable code.
This is the point in the discussion where Belden Menkus gets particularly animated: "Theoretically, with proper access codes and identification, the work performed by the computer can be tracked. Unfortunately, access codes and ID's can be falsified; there is rarely a record of where in the world the terminal is in use, and terminal ID is not the same as personal ID. The only real solution is to have voice print or fingerprint ID by some optical scanner or something to insure that a specific person is eligible to use specific data."
Those charged with "securing" data must get between the human mind and the computer for success. There is the system solution. The heart of any data processing organization is its program library. Control access to the program library or the members within it and one is at least on the road to security. A company's investment in a program library often runs into the millions of dollars. If a data center had only five programmers working for two years, the salary and machine investment along in that library is well over a quarter million dollars. The fact that indispensable organization functions depend on that program inventory only enhances its value. It is in the library where an alteration of programs to get at data must take place, and, it is here where the greatest damage can be done by an inadvertent error.
Along the most widely used systems are library management products, some of which, like Pansophic's PANVALET, have many built-in security features. These are some of the system capabilities available today:
With all of these functions available on-line, through created systems or user-written interfaces, some security tools do exist. But as extensive as these measures are, they only offer partial security. Even the best access codes are not foolproof -- only tough to crack.
What, then, is the true security solution? It has become obvious that no device, no program, no management standards can create security. They only create a challenge to the technical gamesman.
After the implementation of modern management systems the next key to security is an often overlooked thing called "honor-it If an honorable attitude can be created in the human minds working with data, we are a long way towards home, because much computer crime is a back-lash reaction at an organization. Like all security measures, it cannot thwart every form of abuse. But it can lessen the vast potential of abuse through retaliation.
Creating that positive force will mean management must know their people, working with them to build a sense of their worth, value and responsibility. By using the management tools of personal attention, kindness and concern for the interests of people as individuals, an organization will have installed the most positive security measures known to man.
Lee Mulder, 32, is Corporate Communications Manager for Pansophic Systems, Inc., Oak Brook, Illinois. Serving as liaison between the technological world of computers and the more pragmatic world of business, he has spoken at over 100 data processing functions. A journalism graduate from the University of Wisconsin, Mulder has written articles for Time, National Geographic and a number of other publications, as well as serving as editor of the Kraft Foods Company Magazine.
Future Trends in Communications
May 18 at the Governor House
Each spring, the Washington State Association of Data Processing managers has a spring conference. This year, the conference will be on data processing communications.
Views on how the state can efficiently and effectively develop communications networks will be presented. Also, companies having major nationwide communications networks will be providing information about how their networks evolved and what future trends they see in communications networking. Included also will be the security aspect of communications.
The conference will be an all-day affair including a buffet luncheon and an enlightening luncheon speaker.
Registration forms and program agenda will be mailed soon. Please register early and participate in one of the association's biggest events.
Association Minutes - April 6, 1978
The meeting was called to order at 12:25 p.m. by Chairman Jim Anderson. There were 41 members and guests present.
Dick Nelson introduced the guest speaker, Orin Smith, Director of the Office of Financial Management.
Mr. Smith enumerated several concerns which he has concerning data processing. His major concern was that we will retard the development of a very, very useful tool. There were seven specific areas of concern which include:
In final analysis Mr. Smith feels that the most important thing for all of us is to focus on articulating better the benefits we are receiving from data processing.
Mr. Smith's speech will be printed in the newsletter later.
Jim Anderson then opened the business portion of the meeting. Bobbi Giovannini gave the Treasurer's report. The March balance was $558.89 and $3.56 was spent for the April speaker's lunch. This leaves a balance of $555.33.
Jim Michal gave the DPA announcements for the April 5, 1978 meeting. There were three items of special interest; Don Tierney, LEAP Administrator, has been appointed to the DPA to replace Dick White who retired; Ted Nelson, formerly with the State Auditor's Office, has recently joined the DPA staff and fills its audit position; and the Authority approved the summaries of the agency plans and the DPA staff recommendations for level of approval which include approved, limited approval, and not approved. In addition, Ron Hamblen, Of Office of the Superintendent of Public Instruction, presented his agency's plan in response to the Authority's request.
Dick Applestone presented the Job Matrix Committee report. The committee met on March 13, 1978 and developed selective certification criteria such as equipment and software which is necessary before the Job Matrix can be implemented.
Cliff Cotey reported for the Personnel Liaison Committee. The committee has responded to the Department of Personnel concerning the draft procedures for the salary survey. The next step will be to review the benchmark description. The committee received a letter from DSHS concerning the screening of design programmers, perhaps using the existing Programmer II test. The committee also discussed a survey from Garry Hull. This survey is to apply to new positions or reallocations only.
Don Smith reported that the Training Program Committee has not met, but he did request input concerning a new training needs survey.
Bob Payne reported that the Bylaws Committee had met again. After consideration of the earlier preference survey they have developed a new set of bylaws. These were sent to the voting members for their comments. Their comments have now been incorporated into the bylaws and the ballots will be sent out early next week.
Galen Schmidtke reported for the Centralization/Decentralization Committee. They have held three meetings and defined the scope of their study, data processing resources, and impact areas. Four subcommittees have been formed to develop surveys for vendors, agency directors, teleprocessing, and information networking. They have a sample policy for discussion; but, they feel that the guidelines is the most important area.
Bob Payne reported that a committee has been formed to review the DPA Security procedures. The committee members are: Larry Bundy, Dick Conant, Sam Crawford, John Flanagan, Carl Harrington, Morgan Jacobson, Roy Leicht, Paul Rissberger, Captain Paul Schults, and Larry Seaberg. Their first meeting will be April 13, 1978.
Under new business, Dick Nelson gave a report on the Spring Seminar. It is set for May 18, 1978 and the main topic is Communications. Such participants as Pacific Northwest Bell, Federal Communications Commission, and one of the interconnect companies will be on the schedule. The presentations are to be on the management level, rather than technical. There are currently no intentions to limit attendance but reservations will be required.
Jim Anderson then asked Bobbi Giovannini to be chairman of the Nominating Committee for next year's Association officers. Nominations will be made at the May meeting and new officers announced at the June meeting.
The meeting was adjourned.