IPMA News : August 2004
Edited By Mary Ellen Bradley and Dennis Jones
L&I's Patch Management for Desktops Project
-- by Marjorie Dausener, Department of Labor and Industries
The Department of Labor and Industries recently adopted a new Patch Management process in response to the large numbers of patches released by Microsoft to fix vulnerabilities in the XP operating system. While XP is a very stable desktop operating system with great functionality, it has become a target for hackers. These hackers seek to exploit any operating system vulnerabilities by creating viruses and worms. Microsoft writes patches that fix the code the virus is trying to exploit.
The problem for any business is how do we learn about, assess, test, verify, and deploy all the patches that are released? And how can we do this rapidly when the threat is high?
To answer these questions, a Patch Management project team (see photo) was formed. The process below was developed.
- Patch rollouts occur on a monthly cycle and are set up to coincide with Microsoft's release of its patches.
- A Risk Analysis model was developed by IT Security for assessing security patches. The patches are rated 1 through 5, with 5 being the most critical.
- A Technical Review Team was created. This team includes network technicians, application developers and desktop support staff. They evaluate the patches against the applications they support. Typically, they test the patches as well.
- Once the patch has gone through the Technical Review Team, assuming there are no errors found, it is rolled to groups of business area customers that receive the patch before the rest of the agency. These testing groups are called "IceBreakers" as they are "plowing the way" for the rest of the agency. The formation of these groups was the last piece to put in place to complete the project.
- The IceBreakers are to simply do their work. The more they use the application the better the verification. There is no special testing involved.
- IceBreaker members were selected from across the agency to ensure that all agency standard applications are tested.
- There is a support model and a tracking method in place to ensure any problems are documented and fixed by desktop support technicians.
The project team piloted the new process this past spring, and based on its success, the new process was officially adopted.
Return to Top
News from the Past
5 Years Ago -- August 1999 IPMA Newsletter
10 Years Ago -- August 1994 IPMA Newsletter was not published
15 Years Ago -- August 1989 IPMA Newsletter was not published
20 Years Ago -- August 1984 Association of Data Processing Managers Newsletter
25 Years Ago -- August 1979 Association of Data Processing Managers Newsletter
30 Years Ago -- August 1974 Association of Data Processing Managers Newsletter
Return to Top
Summary of July 8, 2004 IPMA Board Meeting
Members Present: Jim Albert, Thomas Bynum, Phil Grigg, Sheryl Hall, Dennis Jones, Dennis Laine, and Shelagh Taylor. Phil Coates, CFO, and Jim Andersen, Forum Events Manager, were also present.
Thomas Bynum, IPMA Vice-Chair, opened the July 2004 meeting of the IPMA Board of Directors at 7:30 a.m.
Secretary/Treasurer: The minutes from the June 2004 Board meeting were approved.
The Board approved the June 2004 financial status and activities reports.
Forum 2004: Jim Andersen presented the final 2004 Forum status report.
- Vendors: All 47 vendors have paid for their 2004 booths
- Corporate Sponsors:
- We have commitments from 26 vendors who want to be sponsors next year.
- Twenty-one sponsor fees have been paid. No change from the June report.
- Waiting for payments from Xerox, Verizon, Unisys, Filenet and Sun.
- Forum Attendance: We had 650 attendees register on Tuesday and 237 register on Wednesday for a total of 887. After clean up of the data, we ended up with 774 registered attendees, 166 were new in that they hadn't registered at a forum for the past four years. The number of state employees was 665 or 85% of the total. The following is a breakdown of attendees by classification:
- Developers & Data Administration 261
- Managers 118
- Project Management 89
- Security & Networks 78
- Consulting 37
- Telecom & Wireless 25
- Training 18
- Other 148
- Forum post-event review: Listed are some suggested changes for Forum 2005:
- Use online registration
- Develop a "lead" system to electronically collect names at the door and to produce attendee name tags.
- Use IPMA gift (portfolio) as a reward for legibly completing the registration forms.
- Do a better job of inviting the private sector.
- Modify the exhibit floor to encourage attendees to visit the vendor area.
- Add some sessions on "best practices" and "state concerns."
- Reach out to the state Indian tribes.
- Bring in an espresso bar.
- Avoid lunch sessions.
- Stagger start times for breakout sessions.
- Put daily breakout sessions schedule in front of each conference room.
- Try to avoid conflicts with other northwest technology shows.
- Add name and title of speakers to all breakout sessions.
- Sessions should be more technical.
- Provide 6' (not 8') tables for all booths.
- Seek more involvement by ACCIS because of their use of state RFP's .
- Shorten sessions to 45 minutes. (There was a lack of agreement on this suggestion.)
- Move earlier to sign up keynote speakers.
- Use DOP mailing lists and add a DOP person to the planning committee.
- Stop the over pricing by GES.
- Advertise Forum as a technology show and as a training event.
- Tax Facts flyer from Department of Revenue: The June 2004 Tax Facts notice state the following: "Special event promoters and vendor verification - SB 6663 (Chapter 253, Laws of 2004) requires that special events promoters make a "good faith effort" to verify that vendors at their events are registered to do business with the Department of Revenue. It also requires that such promoters make a good faith effort to keep and preserve specific vendor information records for a period of one year from the date of the event. "Effective June 10, 2004." The board directed Phil Coates to work with Jim Andersen to ensure that we are in compliance for the 2005 Forum.
Communications: No Report
Professional Development: Sheryl Hall presented the following committee report:
- June 23, 2004, IPMA Seminar Update: "VoIP - Voice Applications on the Network" with Right! Systems and Seitel Leeds and Associates
- 60 People registered
- 5 cancelled prior to the event
- 45 attended the event, at 11:30 there were approximately 39 present (expected for this type of event - small target audience.)
- 24 evaluations received
- Ratings were primarily between 4 and 5 $ A few of the comments received:
- Would have liked to have seen some high level examples of Total Cost of Ownership (TCO) - real experiences.
- Very, very good job!
- This was perhaps the most focused and relevant presentation on IP Telephony in State Government that I've seen to date.
- Too much jargon
- Great job overall!!
- August 12, 2004, Seminar, "Tools for Managers Faced with Change Management Issues," is on track.
- Marketing materials will be completed this week
- Will send announcement to Bob Monn next week for posting
- Working with Saint Martin's Catering and Facilities for food menu/setup
- Allen Schmidt and Sheryl met this month to start planning the October seminar. They will meet again in August to match topics with the 2005 dates reserved with Saint Martin's for facilities.
- Sheryl also noted that there had been requests from speakers at various seminars about getting the copies of the attendee lists. The board decided that consistent with Forum policy, names and mailing addresses could be provided. However, telephone numbers and/or e-mail addresses will not be provided until an "opt out" mechanism is developed. This will be a discussion item at the 2005 board planning retreat.
Executive Seminar 2004: Phil Grigg reported that they are on schedule for this year's Executive Seminar. Thus far there are 30 people registered to attend. The target is 70. Phil encouraged the board to expedite the registrations for their respective agencies. He also noted that the registration isn't official till the payment is received.
Business Planning: No Report
Management Development Program: Dennis Jones distributed and discussed several high quality handouts that detailed the results of the June 22, 2004 Mid-Manager Focus Group Session.
Purpose: The purpose of this focus group session was to seek input from a group of IT mid-managers on the development opportunities they need in order to progress into senior IP leadership positions in the state, and how they would like those development opportunities packaged and delivered.
In Attendance: Nine mid-managers, two CIO's and two facilitators.
Results: The managers reviewed the "Business Management Competency Framework" provided by the facilitators and indicated through a show of hands their interest in having a particular competency area included within the scope of the proposed manager development program. High scores indicated high interest. Low scores and interest did not necessarily indicate that the subject was not important, but rather that it was not needed as part of this proposed program because it could be easily attained elsewhere, was not something that could be "taught," or should already be a competency of people engaged in the proposed program. Fifty-seven topic areas were weighted and ranked. The top ten of those are as follows:
- Organizational transformation (managing cultural change) 92.16%
- Partnering 90.2%
- Negotiating/influencing 90.2%
- Portfolio Management 90.2%
- Networking 88.24%
- Decisiveness 88.24%
- Performance measurement and improvement 88.24%
- External awareness 86.27%
- Labor Relations 86.27%
- Delivering competitive services 86.27%
- Like the UW Project Manager model
- Some non-academic activities as well like exposure to ISB meetings, CAB meetings, Governor's Cabinet, Legislative hearings, etc.
- Building personal networks is important
- Extended time frame - don't pack it all in at once (like an extended MBA program)
- Good instructors and reading lists
- Include some "case studies" - especially related to real-world Washington experiences.
- Rotational assignments would be very valuable
Who should attend
- Should be nominated and selected. Not self-selected.
- Managers who manage other managers/supervisors
- Progressive experience
- Project managers
- Not just anyone, but those with "potential"
- Comparable to UW and other programs
- Didn't get much feedback
- Should there be some self-pay to show interest in self-development?
- Quality management
- Customer Relationship Management
- Managing "Geeks"
OTHER BUSINESS: None
The next board meeting will be held August 12, 2004, at the Shipwreck Café. The meeting was adjourned at 8:34 a.m.
Return to Top
IPMA, P.O. Box 1943, Olympia, WA 98507-1943