Laserfiche WebLink
...

MANAGING LOCAL GOVERNMENT COMPUTER SYSTEMS: A BEST PRACTICES REVIEW

Local governments should ensure that their computer system managers control security risks.

software applications reside on the computer network.

2. Knowledgeable Staff Should Maintain and Use the Computer System

In determining who should manage computer systems, local governments should look for options with properly trained staff who bring a high level of expertise to operating the computer system. Local governments should determine that a process is in place to recruit and retain technology staff. They need assurances that technology staff receive ongoing training to keep their skills current in a world of rapidly changing technologies. Similarly, they need to determine that whoever manages the computer system has an adequate plan for user training and will provide user support to local government staff expected to work with computers.

Example: In the Robbinsdale Area School District, the technology and media services department offers financial incentives to keep their staffs' technology skills up-to-date. Employee contracts contain provisions for certification stipends, which are awarded whenever staff successfully complete training programs as part of their approved training plans. The district also pays registration fees for technology-related courses that staff attend.

3. Computer Systems Should Be Secure

Local governments should look for computer system managers who understand and can control security risks.
In assessing their options, local governments should seek computer managers who conduct risk assessments of the systems' security and base security policies on the identified risks. Computer managers should limit users' access to certain computers and data and actively manage users' password accounts. They need to install and monitor "firewalls" and antivirus software, have procedures in place to back up data, and develop a disaster-recovery plan. Because security risks change over time as new vulnerabilities arise, computer system managers should monitor and periodically audit their security procedures. Whoever manages the computer system must have staff who are appropriately trained to protect it.

Example: Anoka County contracted for an extensive assessment of its computer system, with one component focusing on security. Among other tests, the assessment included "penetration" testing whereby consultants tried to circumvent security controls to gain access to the computer system. Following the assessment, information systems staff developed a plan to systematically implement specific recommendations, such as formally documenting procedures for data backups.

The full evaluation report, Managing Local Government Computer Systems: A Best Practices Review (#pe02-09), is available at 651/296-4708 or:

www.auditor.leg.state.mn.us/ped/2002/pe0209.htm