Skip Main Navigation
Official Nebraska Government Website
NITC Logo
Skip Side Navigation

STATE GOVERNMENT COUNCIL
Nebraska Information Technology Commission
Thursday, August 9, 2007, 1:30 p.m. - 2:30 p.m.
Nebraska State Office Building - Lower Level B
301 Centennial Mall South, Lincoln, Nebraska
MINUTES

MEMBERS PRESENT:

Dennis Burling, Department of Environmental Quality
Tom Conroy, OCIO - Enterprise Computing Services
Josh Daws, Secretary of State’s Office
Keith Dey, Department of Motor Vehicles
Pat Flanagan, Private Sector
Dick Gettemy, Department of Revenue
Steve Henderson, Alt. for Brenda Decker, Chief Information Officer
Glen Morton, Workers’ Compensation Court
Jim Ohmberger, Health and Human Services
Gerry Olligmueller, Budget Office
Mike Overton, Crime Commission
Doni Peterson, Department of Administrative Services
Bob Shanahan, Department of Labor
Rod Wagner, Library Commission
George Wells, Correctional Services

MEMBERS ABSENT: Bob Beecham, NDE Support Services; Mike Calvert, Legislative Fiscal Office; Rex Gittins, Department of Natural Resources; Dorest Harvey, Private Sector; Lauren Hill, Governor’s Policy Research Office; Jeanette Lee, Department of Banking; Terry Pell, State Patrol; Jayne Scofield, OCIO - Network Services; Janice Walker, Supreme Court and Bill Wehling, Department of Roads

ROLL CALL, MEETING NOTICE & OPEN MEETINGS ACT INFORMATION
                                                                         
Mr. Henderson called the meeting to order at 1:35 p.m.  There were 15 voting members at the time of roll call. It was stated that the meeting notice was posted to the NITC, State Government Council and Nebraska Public Meeting Calendar Websites on July 2, 2007 and that the agenda posted to the NITC Website on August 6, 2007. A copy of the Open Meetings Act was located on the front table.

PUBLIC COMMENT

There was no public comment.

APPROVAL OF JUNE 14, 2007 MINUTES

Mr. Flanagan moved to approve the June 14, 2007 minutes as presented.  Mr. Conroy seconded.  All were in favor.  Motion carried.

STANDARDS AND GUIDELINES - INFORMATION SECURITY POLICY

Purpose:  To provide a uniform set of reasonable and appropriate security safeguards for protection of the confidentiality, integrity, availability and privacy of State of Nebraska information collected, stored, and used to serve the citizens of the State of Nebraska. This Information Security Policy contains the minimum safeguards, responsibilities and acceptable behaviors required to establish and maintain a secure environment.

The primary objectives are to:

  • effectively manage the risk of exposure or compromise to State resources;
  • communicate the responsibilities for the protection of information;
  • establish a secure, resilient processing environment;
  • provide security controls for internally developed software to protect unauthorized access, tampering, or programming errors;
  • provide a formal incident management processes; and
  • promote and increase the awareness of information security.

Mr. Burling left the meeting.

STANDARDS AND GUIDELINES - DATA SECURITY STANDARD
 
Purpose and Objectives:  It is the objective of this policy to provide safeguards to protect that information. Common methods of protecting information include, but are not limited to:
• Staff education
• Restricted data access and usage
• Administrative policies and procedures
• Data encryption
• Network encryption
• Account authorization
• Strong passwords
• Biometric authentication
• Physical security
• Network Firewalls
• Server hardening

Several council members expressed concern that more time was needed to review the Information Security Policy and the Data Security standard. 

Mr. Flanagan moved to table the Information Security Policy and the Data Security Standard until the September meeting.  Mr. Gettemy seconded.  Roll call vote:  Dey-Yes, Conroy-Yes, Daws-Yes, Flanagan-Yes, Gettemy-Yes , Henderson-Yes, Morton-Yes, Ohmberger-Yes, Olligmueller-Yes, Overton-Yes, Peterson-Yes, Shanahan-Yes, Wagner-Yes, and Wells-Yes. Results:  Yes-14, No-0.  Motion carried.

STANDARDS AND GUIDELINES - PASSWORD STANDARD

Standard: Passwords are a primary means to control access to systems; therefore all users must select,
use, and manage passwords to protect against unauthorized discovery or usage.

Password Construction: The following are the minimum password requirements for State of Nebraska passwords:
• Must contain at least eight (8) characters
• Must contain at least three (3) of the following four (4):
o At least one (1) uppercase character
o At least one (1) lowercase character
o At least one (1) numeric character
o At least one (1) symbol
• Must change at least every 90 days
• Must not repeat any character sequentially more than two (2) times
• Can not repeat any of the passwords used during the previous 365 days.

Mr. Shanahan moved that the Password Standard also be tabled until the September meeting.  Mr. Dey seconded. Roll call vote:  Conroy-No, Daws-Yes, Dey-Yes, Flanagan-Yes, Gettemy-Yes , Henderson-Yes, Morton-Yes, Ohmberger-Yes, Oligmueller-Yes, Overton-Yes, Peterson-Yes, Shanahan-Yes, Wagner-Yes, and Wells-Yes. Results:  Yes-13, No-1.  Motion carried.

Mr. Hartman will schedule informational sessions to review the Information Security Policy, Data Security Standard and the Password Standard prior to September meeting for the council members and agency representatives.  It was suggested that the NITC Security Work Group be informed of its status.

STANDARDS AND GUIDELINES - EMAIL STANDARD FOR STATE GOVERNMENT AGENCIES

Purpose: To provide a single email system for all state government agencies.

There is a currently an approved standard but the language is not consistent with the state’s conversion to a single email system for all state government agencies.  It was suggested to further define the term email.

Mr. Conroy moved to recommend approval of the Email Standard For State Government Agencies.  Mr. Oligmueller seconded. Roll call vote:  Conroy-Yes, Daws-Yes, Dey-Yes, Flanagan-Yes, Gettemy-Yes , Henderson-Yes, Morton-No, Ohmberger-Yes, Oligmueller-Yes, Overton-Yes, Peterson-Yes, Shanahan-Yes, Wagner-Yes, and Wells-Abstain. Results:  Yes-12, No-1, Abstain-1.  Motion carried.

SHARED SERVICES UPDATES - - VOIP AND VRU
Bob Howard

Mr. Howard provided an update on the current use of VoIP in state government.

OTHER BUSINESS

New members of the Office of the CIO were introduced:  Linda Lewis and Tim Cao.

AGENCY REPORTS

There were no agency reports.

NEXT MEETING DATE AND ADJOURNMENT

The next meeting of the NITC State Government Council will be held a week early on September 6, 2007, 1:30 p.m. 
 
With no further business, Mr. Henderson adjourned the meeting at 2:45 p.m.

 

Meeting minutes were taken by Lori Lopez Urdiales and reviewed by Rick Becker, Office of the CIO.

Meeting Minutes