ENTERPRISE ARCHITECTURE

Executive Summary

With more than $1 billion in information technology investments annually, the Commonwealth of Pennsylvania has evolved into the equivalent of a Fortune 20 organization, providing a diverse cross section of IT services and solutions to its 12.3 million citizens and business customers worldwide. The Commonwealth's ongoing technology success rests with its ability to leverage the strengths and assets of the entire enterprise to attain solutions and deliver services in the most cost-effective and efficient manner.

The Commonwealth's Bureau of Enterprise Architecture (EA) has design and governance responsibility for information technology solutions and standards utilized by agencies under the governor's jurisdiction. The goal of Enterprise Architecture is to support the governor's office by providing enterprise-wide technology policies and standards. Partnering with agencies, the goal is achieved by understanding key business drivers, leveraging appropriate, existing technology, sharing IT resources across the Commonwealth, and making sound technology investments.

Enterprise Architecture leverages the NASCIO framework and has established a collaborative governance structure that leverages the skills and experiences of the Office for Information Technology (OIT) as well as key resources in various Commonwealth agencies. The Enterprise Governance Council (EGC) and the Enterprise Architecture Standards Committee (EASC), both comprised of senior agency directors and CIOs, provide leadership, prioritization of initiatives, and recommendations of standards. Domain teams, comprised of agency technologists, architects, and thought-leaders, realize these initiatives and create Commonwealth standards, IT policies, and Enterprise Architecture models.

Over the past year, focus areas and accomplishments of EA include:

Baseline and Target Model Specification. The Commonwealth's Target Architecture has continued to evolve in response to business drivers prioritized by the IT governance structure. Key Target Architecture specifications include the creation of a common Citizen Information Model, establishment of a common portal architecture, expansion of the Business Solutions Center of Excellence (BSCoE), and the creation of a Grants Management Architecture. The Baseline Architecture has been elaborated to map existing applications to the key functions realized in the Business Architecture. This mapping is used to identify where redundant services are being provided and serves as input for business streamlining and technical consolidation.

Specification of Enterprise Security Architecture and Policies. The Commonwealth, through Enterprise Architecture, has developed a baseline security architecture that includes all aspects of cyber security and identity protection and access management. Enterprise Architecture is responsible for several far-reaching, critical security initiatives that specify standard security approaches and blueprints for all aspects of cyber security, monitoring, escalation, and identity protection and access management. Security assessments have been put in place to identify threats, vulnerabilities and risks to Commonwealth IT resources. Additionally, the Commonwealth's Chief Information Security Officer (CISO) has implemented several security awareness and communication initiatives, including a CISO Roundtable to provide agency security officers multi-directional information sharing among agencies and a Pennsylvania Information Sharing and Analysis Center (PA-ISAC) to disseminate warnings and share information among the state and different levels of local government.

Architecture Compliance Process. A Technical Architecture Review (TAR) Board has been established and is fully operational. The TAR regularly reviews key agency initiatives to assess compliance with Enterprise Architecture and standards and to grant waivers based on business justification. The TAR has been active, reviewing over 100 projects in the first five months of 2006.

Enterprise Architecture has brought many advantages, both tangible and intangible, to the Commonwealth of Pennsylvania. It is now an institutionalized agent for innovation and standardization across the Commonwealth and has also evolved into a communication clearinghouse for sharing information about key agency technology initiatives. Significant cost savings have been achieved through enterprise purchasing agreements for product standards. The Domain Teams and other collaborative EA mechanisms have begun to foster an attitude and mindset of cooperation, communication, and sharing throughout Commonwealth agencies.

8/28/2006 1 EA NASCIO

Description of Project

Enterprise Architecture (EA) was formally introduced into the Commonwealth of Pennsylvania in late 2003. Previously the Commonwealth had centralized several key architecture components: email, telecom services, desktop operating systems, PCs, and SAP as the back office system. EA initiatives were built upon this infrastructure and, with this foundation, have established a collaborative approach to EA governance and standards.

The EA governance structure is part of a broader IT governance model that reports to the IT Governance Board. The purpose of the IT Governance Board is to oversee the investment and performance of information solutions across the Commonwealth's agencies and to advise and counsel the governor on the development, operation, and management of the Commonwealth's IT investments, resources and systems.

Governance continues to be an important part of Commonwealth initiatives. The Enterprise Governance Council (EGC) and the Enterprise Architecture Standards Committee (EASC), both comprised of senior agency Directors and CIOs, provide leadership, prioritization of initiatives and recommendations of standards. Domain teams, comprised of agency technologists, architects, and thought-leaders, realize these initiatives by creating Commonwealth standards, establishing IT policies, and specifying Enterprise Architecture models and blueprints. This governance structure ensures support and the rapid adoption of enterprise strategic initiatives that meet the diverse needs of Commonwealth agencies.

Additionally, with the establishment of ten domain teams (see diagram below), participation has been solicited from all agencies and levels of staff. This has established a new way of doing business for the Commonwealth. Enterprise Architecture is now an institutionalized agent for both innovation and standardization across the Commonwealth. The Enterprise Architecture Governance Model was formed using the NASCIO framework for Enterprise Architecture.

Enterprise Architecture communicates its standards and policies through Information Technology Bulletins (ITBs). ITBs provide a consistent format for standards and are published in a common location that is publicly available for agency use. Before an ITB is published, it undergoes several types of review. After the organizations in the governance structure have reviewed an ITB, it is subject to a broader agency review before publication. Standard, broadcast communication channels are in place to keep agencies informed of new or changing standards. A feedback and query mechanism is in place, enabling agency personnel to ask questions or comment on published EA standards. Additionally, EA members attend agency or Community of Practice meetings and share information on EA standards and plans on a regular basis.

During the past year, EA has been actively advancing Enterprise Architecture Blueprints and Processes throughout the Commonwealth. Key focus areas and accomplishments of EA include: continued evolution and documentation of the baseline and target models, specification of comprehensive security architecture and processes, and roll-out of an architecture compliance process. Each is described below.

Baseline and Target Model Specification

The Commonwealth's Target Architecture has continued to evolve in response to business drivers prioritized by the EA Governance structure. Key aspects of the target architecture specified recently include:

Creation of a Citizen Information Model. A conceptual citizen information model has been created and promulgated, providing standards to Commonwealth agencies pertaining to citizen-related entities and data elements. This common citizen model is a critical step towards implementing integrated processes and shared information repositories. It has improved communication among agencies by establishing a common language related to the citizen and is enabling a key Commonwealth objective of providing improved services to citizens by promoting a higher quality of information.

Establishment of a Common Portal Architecture. The Commonwealth has adopted a single, standard portal platform for both internally and externally facing websites. The common portal architecture provides a consistent look and feel for citizens and Commonwealth users alike. Additionally, implementing the common portal architecture improves the interoperability of agency applications via portlet technology and, in conjunction with the Enterprise Security Architecture, provides a consistent, robust web access and authentication vehicle across the Commonwealth.

Continued expansion of the BSCoE frameworks. Enterprise Architecture initially conceived and served as an incubator for the Business Solutions Center of Excellence (BSCoE). BSCoE consists of standardized software engineering processes, service components, and application framework components. It promotes cross-agency development efforts and fosters a common approach to training and education for all development teams. It provides uniformity of approach, process and results, allowing projects to leverage the broad pool of resources and assets that currently exist within the Commonwealth. BSCoE has emerged during the last year, and EA remains an important member of the BSCoE governance structure, helping to guide its ongoing roll-out and evolution.

Creation of a Grants Management Architecture. Building on both the Common Portal Architecture and BSCoE, a Commonwealth-wide grants management architecture has been created. This architecture simplifies and automates the funding process associated with over $17 billion in federal and state grants. The architecture streamlines the underlying business process pertaining to grants processing, establishes a centralized portal to allow grant recipients to find and apply for grant opportunities in the Commonwealth, and establishes an enterprise business intelligence engine that supports the reporting needs of the governor's office and federal and state agencies.

Additionally, key aspects of the baseline architecture continue to be elaborated. During the past year, the Commonwealth has expanded the specification of the existing Business Architecture. Utilizing the Federal Enterprise Architecture (FEA) Business Reference Model (BRM), the Commonwealth has mapped agencies and applications to their relevant lines of business and sub-functions in the Services for Citizens Business Area. This mapping is used to identify where redundant services are being provided across agencies and applications, to serve as input for business streamlining and technical consolidation.

Specification of Enterprise Security Architecture and Policies

One of the most important Commonwealth initiatives is security. Enterprise Architecture is responsible for several far-reaching, critical security initiatives. These initiatives specify standard security approaches and blueprints for many aspects of cyber security and identity protection and access management. Each is described below:

Identity Protection and Access Management (IPAM). An interagency Identity Management initiative was launched to establish the Commonwealth approach and architecture pertaining to identity management and to align with federal and industry standards such as the Federal Information Processing Standard (FIPS) and Security Assertion Markup Language (SAML). IPAM is a comprehensive effort that covers many aspects of identity management, including:

- Enterprise Directory Services: Provides for consolidation, synchronization and aggregation of shared identity information for retrieval and user authentication;
- Access Management and Control: Provides standards and policies for accessing Commonwealth facilities and information systems;
- Enrollment, Identity Proofing and Vetting: Outlines the processes for validating and verifying an individual's identity for the purpose of establishing credentials, such as log-in identifications and identity cards;
- Identity Card Production, Personalization and Issuance: Outlines the standards for creating, delivering and activating an individual's unique identity card;
- Enterprise Public Key Infrastructure (PKI): Outlines the standards for use of secure mechanisms (cryptography) to verify established identities, support digital signatures and encrypt sensitive data;
- Specification for a Commonwealth Personal Identification Verification (PIV) Card: Provides the physical and logical layout for the components of the Commonwealth PIV card (e.g. magnetic strip, smart chip, photograph).

During the past year, the IPAM Initiative has made significant progress towards a Commonwealth-wide identity management architecture and process. Some key accomplishments include:

- Specification of the Enterprise Directory Blueprint;
- Creation of a standard Web Access and Authentication architecture;
- Creation of a FIPS-compliant Personal Identification Verification (PIV) card specification;
- Creation of a Commonwealth Digital Certificate Policy; and
- Selection of a Commonwealth-wide Digital Certificate Provider.

Operation Secure Enterprise (OSE). OSE addresses the increasing security risks associated with technology-based delivery of business services. OSE, led by the newly appointed EA Chief Information Security Officer (CISO), creates enterprise plans, approaches, and architectural blueprints to provide enhanced cyber security to the Commonwealth. OSE has established enterprise technology standards for critical areas of cyber security, including network intrusion detection and protection systems and Internet access control and content filtering. A consolidated Security Information Management solution has been established to provide an enterprise-level view of the condition of security in the Commonwealth's IT environment. Additionally, security assessments have been put in place to identify threats, vulnerabilities and risks to Commonwealth IT resources.

Security Awareness and Information Sharing. An organization depends on more than technology for implementing IT security. Security awareness and communication are equally important. EA has implemented a security architecture communication process to address awareness and communication. In addition to standardized security awareness training, the Commonwealth has established a CISO roundtable. The CISO roundtable is comprised of agency CISOs and professionals and is chaired by the EA Commonwealth CISO. This provides a forum for multi-directional information sharing among agencies. Additionally, a Pennsylvania Information Sharing and Analysis Center (PA-ISAC) has been established to disseminate warnings and share information with state and various levels of local government.

Roll-out of an Architecture Compliance Process

As the Commonwealth's Enterprise Architecture grows and evolves, it is vital that a process be established and executed to assess agency projects' compliance with Enterprise Architecture standards. A Technical Architecture Review (TAR) Board has been established and is fully operational. The TAR is comprised of Enterprise Architecture resources as well as members from other cross-cutting technology organizations within the Commonwealth. The TAR reviews select agency initiatives, based on objective criteria, to ascertain compliance with established enterprise architecture standards and to grant waivers based on business justification. The TAR has dramatically increased Enterprise Architecture visibility and compliance among Commonwealth agencies and has been extremely active, reviewing over 100 projects in the first five months of 2006.

Significance to the Improvement of the Operation of Government

Enterprise Architecture has improved the Commonwealth's ability to interact with other government agencies and positions the Commonwealth to align with federal recommendations while also championing interstate communications. This is possible due to the implementation of standard technology solutions, a focus on standards-based solutions, and communication of the role that EA plays across all agencies.

Vendor interaction has also improved as a result of identifying one group responsible for establishing enterprise-wide standards. The Commonwealth can now negotiate lower costs across the enterprise by implementing common technology solutions, leveraging its purchasing power.

Enterprise Architecture is serving as a communication vehicle for technology initiatives within the Commonwealth. Through the TAR Board and the various groups in the governance structure (EGC, EASC and domain teams), agencies constantly interact in ways and at levels they previously did not. This has resulted in greater awareness of technology initiatives among the agencies.

Another key change within the Commonwealth is a shift from an agency-centric thought process to one that is Commonwealth-wide. EA serves as the focal point for defining and communicating a shared Commonwealth vision. As enterprise standards become more prevalent, agencies within the Commonwealth have realized the benefit of shared architecture and standards. The EA governance structure now relies heavily upon the EA organization to set standards and policies in technology areas. In the past, each agency would perform its own research and establish its own standards and policies. This change in thinking is particularly evident in the realm of security, where consolidated Security Information Management and the CISO roundtable have led to holistic, enterprise security planning, monitoring, and cooperation.

Additionally, with the expanded baseline architecture model that has been created, it is much more straightforward to identify improvements and streamlining opportunities for the target architecture.

Benefits

Enterprise Architecture has brought many advantages, both tangible and intangible, to the Commonwealth of Pennsylvania. The Commonwealth has taken an enterprise approach to standardization, working collaboratively with agencies via the EA domain teams. Ten domain teams were formed using the NASCIO framework for Enterprise Architecture. This has provided many benefits to the Commonwealth, including the ability to share assets, thus increasing their utilization and driving the use of common tool sets. In turn, this lowers the overall costs by better leveraging people and processes to provide training. We have fostered an enterprise approach to new initiatives, seeking out commonality and the strategic importance in each.

With the focus and attention on cyber security and identity protection at a Commonwealth level, the Commonwealth's infrastructure and information are more secure. This increased security benefits taxpayers by making their sensitive data increasingly safer.

With the adoption of a common citizen information model, a common language related to the citizen has been established. This in turn promotes a higher quality of citizen information, enabling a key Commonwealth objective of providing improved services to citizens.

Return on investment

Enterprise Architecture does materially impact the Commonwealth via monetary savings in enterprise license agreements. Over the past year, Enterprise Architecture has named several technology solutions as Commonwealth standards. Consequently, significant license and maintenance fee cost savings (over $34 million) have been realized through enterprise license agreements. This saving alone recoups the investment by the Commonwealth in EA several times over.

Another key projected area for savings is grants management. Upon rollout of the common Grants Management Architecture and Processes, the Commonwealth is projected to achieve $1 million per year in cost savings due to a 25% reduction in time for every grant application processed.