National Association of Legislative Information Technology

NALIT Newsletter, Winter 2008

INSIDE THIS ISSUE:

Chair's Corner
InfraGard and Computer Network Security
Implementing SharePoint 2007 Technologies as an Agency Intranet
NALIT Professional Development Seminar 2008
NALIT Subject Matter Experts Needed!
Legipedia in Idaho
NALIT Award Recipients for 2007
Editor’s Corner
Call for NALIT Newsletter Articles

Chair's Corner

I hope everyone had a Merry Christmas and a safe and happy New Year. I would like to begin by thanking Gary Wieman and Duncan Goss for their excellent work and contributions as Chair and Secretary. Gary was catapulted from Secretary to Chair when Andy Kraus left the Kansas Legislature, and Gary assumed those responsibilities without missing a beat. He worked tirelessly for NALIT, was a contributing representative for our staff section at LSCC (Legislative Staff Coordinating Committee) meetings, and an excellent mentor to me. And what can I say about Duncan! The two newsletters he edited were excellent, and I believe he set the record on the number of articles he received for the Summer 2007 issue. Not an easy task, I assure you.

I also want to thank Tim Rice, his staff, and Pam Greenberg for the excellent job they did in planning and hosting this year’s PDS in Springfield, IL. The sessions were well attended, extremely informative, and fun. Just ask attendees what happened if they exceeded their allotted time in their “Five Minutes of Fame,” or about the “First Annual Pub Quiz.”

This year promises to be a very ambitious year. Our Marketing and Outreach Committee has two projects underway in addition to strengthening our membership. One project involves creating a NALIT directory of Subject Matter Experts, and the second project involves informing our members of the benefits of joining InfraGard. This newsletter contains articles by Lorie Johnson, Chair of the committee, on these two projects. In addition Duncan is working on creating a NALIT pictorial directory. He is working with Doug Sacarto at NCSL to host the completed directory. Please send your picture to Duncan.

I have created two subcommittees for our Information Technology Standards Committee. Jason Montgomery, IL, chairs the Subcommittee on Voting Systems, and Paul Schweizer, MN, chairs the Subcommittee on VoIP. These subcommittees will compile information on technologies in the respective subject area, and prepare a report on the positive and negative aspects involved with implementing the technologies. If you would like to contribute to the committees, please contact me or the chair of the committee.

The IT Survey Committee is finalizing the web-based survey and is addressing issues with the location of the database. The goal is to have the survey available for updates by the July Annual NCSL meeting in New Orleans, LA.

Co-Chairs Steve Landers, KY, and Joel Redding, KY, have begun work on the NALIT/LINCS PDS in Louisville, KY, scheduled for September 3-6, 2008. If you have any ideas for session topics, would like to coordinate a session, or serve as a moderator for a session, please contact Steve or Joel.

I have been appointed to serve on the LSCC Marketing and Outreach Subcommittee and, as an NCSL Executive Committee member, to serve on the Program and Planning Oversight Subcommittee. You may contact me or visit NCSL’s website for information concerning these committees.

These are just some of the activities in which your officers and committee chairs are involved. If you have ideas or you are interested in participating in any of these activities, please contact one of us.

Gary Schaefer
Chair, NALIT Executive Committee

InfraGard and Computer Network Security

By Lorie Johnson

When you’re up to your ears in legislative business during your legislative session, it’s easy to lose track of the fact that your state information system networks are as important to the infrastructure of your state (and the country) as the systems are to your users. It’s easy to see how important a secure and operational network is to your users—the feedback is instantaneous. But what about the bigger picture? What about your entire state, or the country? Where does the security of your IT network fit into that?

Believe it or not, the security and integrity of your network is very important, and very much a part of the whole scheme of things. Our state and legislative networks do not exist in a vacuum, and our networks’ interconnection with the global Internet is fraught with hazards, as security people well know. In this day and age, cyber-criminals from around the world are looking for ways to break into and exploit unguarded or ill-patched computer networks, and they do not care whose network it is. While you might believe that your network is unimportant to such criminals, it’s been proven that this is not the case. So, besides having security people and software constantly maintaining a watch over your network, how else can you protect it? How can you learn about what is going on in order to counter attacks before attacks strike your network? And if something strange is happening to your network, how do you alert everyone?

This is where the InfraGard organization comes into play. InfraGard began in the late ’90s as a collaborative effort between the FBI, subject matter experts (SMEs) from local industry, and academia in Cleveland. This effort was designed to harness private sector expertise for investigative efforts in the cyber and physical security areas. Due to its immediate success, the program expanded to other FBI field offices, and created a national program that is in each of the 56 FBI field offices. These offices work closely with not only the private sector, but also with the Department of Homeland Security, among others.

InfraGard’s purpose is to protect critical infrastructures and key resources with the help of private citizens. InfraGard serves as a critical link that forms a tight-knit working relationship across all levels, and immediate access to experts from law enforcement, academic institutions, industry, and other federal, state, and local government agencies. By utilizing the talents and expertise of the InfraGard network, information is shared to mitigate threats to our nation’s critical infrastructures and key resources. This is done through close interaction with a trusted membership of subject matter experts. Members of InfraGard are private sector volunteers with an inherent concern for national security. They connect to a national network of other SMEs, communicate with federal law enforcement and government agencies through their local InfraGard chapters, and contribute to the security and protection of our national infrastructure from threats and attacks. The organization is a critical interface between law enforcement and people like us who can see things developing, and now have a means to alert them, as well as to share information in periodic meetings in our local areas.

InfraGard has been present at several NCSL and NALIT meetings—most notably the Boston conference. If you were at the demonstration of WiFi hacking conducted by the network specialists from Harvard University, that was arranged by the local InfraGard chapter. It was a very interesting (and alarming!) session, and we learned a lot about the security (or lack thereof) of public wireless networks.

There are great benefits to having one or two people in your IT department join InfraGard. One is the timely and enriching security information shared in their quarterly meetings. You will get to meet and learn from people from other industries like agriculture, banking, transportation, energy, and IT who share the same desire to protect our country’s vital infrastructure. You will learn about trends in cyber (and physical) crime and ways that the federal government is countering these types of crimes. You can create and build contacts with people who might be of interest to not only your department, but perhaps might serve as future presenters for NCSL and NALIT events. My hope is to have NALIT members in each state consider having one or two people in its IT departments join InfraGard, and adding our input and distinct expertise to the organization.

I was encouraged to join by my manager, and at my last InfraGard meeting in November, I learned about things as diverse as copper theft and pandemic flu. I get regular updates from our state organization about security trends and developments. I also have some great contacts with the local FBI field office, and resources I can tap for research when I need them.

Membership in InfraGard is free. If you would like to learn more, or want to join InfraGard, email infragardteam@infragard.org , or visit www.infragard.net. It is not a time-sink, and you will not get flooded with email, but you will get a lot out of it.

Implementing SharePoint 2007 Technologies as an Agency Intranet

By Carol Nemir

Background

The Information Systems division of the Texas Legislative Council has been using SharePoint Portal Server 2003 (SPS) to manage its divisional Intranet site since 2004. SPS has allowed us to enhance cross-team communication, reduce duplication of documents, and centralize basic business processes within the division.

For the most part, the functionality implemented on the IS division SharePoint site was built using out-of-the-box features. These functions include:

tracking system enhancement requests received from clients,
managing on call lists,
maintaining a computer support knowledge base,
managing bug tracking during application development projects,
providing for team collaboration through the use of team-focused sites, and
managing requests for user IDs.

We are currently in the process of moving to the latest SharePoint technology, Microsoft Office SharePoint Server 2007 (MOSS), and expanding its use throughout the agency.

Approach

MOSS provides a framework for each division to manage information on a division-specific site without knowledge of traditional web page design languages. Additionally, our application developers will be able to take advantage of MOSS features to create custom applications that support the agency’s day-to-day business processes and to present these applications as part of the council Intranet. Examples of custom applications that we envision for MOSS include applications for:

managing the budgeting process,
managing the contracting process, and
tracking requests for travel, leave, or supplies.

We will use a phased approach to fully implement MOSS for the agency. The first phase of the project will involve designing and implementing the physical and logical infrastructure, creating a governance plan, and establishing a plan for end-user training and support. It is expected that a customized budgeting application will be deployed shortly after the infrastructure is established. Subsequent phases will involve adding content and automating business processes as appropriate using out-of-the-box workflows. Personalized sites are being considered in the design, but will not be implemented in the near future.

Designing the Infrastructure

Following are only a few examples of the types of decisions to consider when designing the infrastructure for a MOSS implementation:

Expected use: What are the most likely scenarios of use? What features will users realistically adopt? What types of sites will be used, and how should they be organized?
Security: Will security be managed using Active Directory groups or SharePoint groups? If Active Directory groups are used, what additional groups are needed? What permission levels are needed?
Roles/responsibilities: Who is responsible for the administration of sites at each level in the site hierarchy? Who is responsible for managing security at each level? Should users be allowed to create their own sites? What is the first line of user support?
Database management: How large will the content databases be allowed to grow? How many content databases should be created? How much data isolation is needed between the various sites?
Content management: What is the process for archiving and/or deleting outdated content? What content is common to all users?
Backup and recovery: What are the procedures for recovering lost information? What is the acceptable recovery period? Are third-party tools needed to supplement the SharePoint recovery method?

Challenges

One challenge associated with designing and implementing the infrastructure has been overcoming the learning curve. MOSS is a full-featured product with a comprehensive range of functionality. Though much of the core technology has been around since SPS 2003, many new layers of complexity have been added. Due to the complexity and scale of the product, it is very difficult to become well versed in the tool as a whole. To overcome the learning curve, members of the project team have attended training targeted to administrators and to developers, have worked with the agency’s Microsoft Technical Account Manager to have conference calls with experts within Microsoft, and have begun attending local users group meetings. The project team is also considering contracting with an outside consultant who specializes in MOSS technology in order to ensure that the architectural decisions are sound and will meet the business objectives over the long term.

A challenge associated with developing custom applications for SharePoint is establishing the development environment. Developing applications against MOSS is a very new model. Few best practices are in place for structuring a MOSS environment that includes a location for development, testing, staging and production. In addition, there are limited processes in place to move code from one location to another. This is an area in which more research and assistance from outside experts is needed.

Summary

In summary, while Microsoft Office SharePoint Server 2007 can help to centralize information and enhance communication, considerable thought and planning is needed to ensure a successful implementation. A phased approach is recommended for designing and implementing a site built on SharePoint technologies.

NALIT Professional Development Seminar

Louisville, Kentucky
September 3 - 6, 2008

NALIT's annual Professional Development Seminar kicks off in Louisville, Kentucky, on September 3 - 6, 2008. The meeting will be held at the Louisville Marriott Downtown. The hotel is located in the heart of downtown Louisville, so you'll never have to look far to find many of Louisville's unique attractions. We are in the preliminary planning stages and would love to have your suggestions for topics. If you have a topic that you would like for us to consider, please email one of the planning committee members.

We are also working hard to put together a full lineup of social activities that will bring NALIT delegates together to experience some of the very best Kentucky has to offer, ending with a closing night celebration aboard the Belle of Louisville. The Belle is a beautifully maintained steamboat and National Historic Landmark. She gives passengers a memorable journey back to the time when she carried passengers and goods to ports all along the beautiful Ohio River.

2008 Professional Development Seminar Planning Committee

Co - Chairs:
Steve Landers
Joel Redding

Members:
Carla Dyer
Duncan Goss
Jim Greenwalt
Lisa Kimura
Gay Logston
Dennis Loudermilk
Craig Nakahara
Gary Schaefer

NALIT Subject Matter Experts Needed!

By Lorie Johnson

Are you a guru? Are you the person in your department with lots of expertise and experience in your particular job function? It does not matter if you're a back-office database programmer, a hardware or software troubleshooter, a network systems analyst, a user interface specialist, or adept in the arcane art of technical and functional specifications. If you are the “go-to” person in your department, you are a Subject Matter Expert (SME).

I have been tasked with creating a confidential internal NALIT database of subject matter experts from various IT disciplines. Its purpose is to help NALIT members share information and solve problems that are unique to our particular field, as well as to create resources to tap for future NCSL and NALIT professional development seminars. While there are many resources online for general IT areas, NALIT is probably the only resource for legislative-specific IT experts.

I have created an insert with a list of various areas of expertise that will provide the structure of our future database. It is by no means complete, and may have some overlap or duplication. I am including it here to assist you in pinpointing your particular areas of expertise. Feel free to add any overlooked field of interest. This list can also be found on the NALIT website:

http://www.ncsl.org/print/nalit/NALITExpertForm.pdf

If you wish to be included in the SME database, please complete the form below and mail it to me at the following address:

Lorie Johnson
AR Bureau of Legislative Research
State Capitol Building, Room 315
Little Rock, AR 72201

Or you can email me with details of your expertise and contact information. Please mark your email “NALIT SME database” so I won't overlook it.

If you have any questions, feel free to contact either me or Gary Schaefer.

Legipedia in Idaho

By Soren Jacobsen

It's about 10 minutes before my presentation, and I’m a bit nervous. I’m confident in my content; that is not a problem. I’m confident in my ability to convey my message; that also is not a problem. The problem is, I have not yet figured out a good way to get this audience engaged. The potential of the new wiki software we are implementing in the Idaho Legislature, to me, seems just about limitless. It's truly capable of changing the way, and the efficiency of the way we do business. But how to get these folks interested, right out of the gate, that is the question. I need an introduction!

I’ve got it, it's so simple. I will make the classroom a living wiki.

And so it begins: I enter the room and begin sharing everything I have learned in the past 48 hours about Springfield, IL. To this I add a few facts I knew before I came. Some of what I “knew” was wrong, but I shared it anyway as if it were true (I love a good trap!!). All of these facts and pseudo-facts I wrote on the whiteboard. Then I turned it over to the group, soliciting them to make any additions or changes they could envision. Quickly my list of 16 facts became a list of roughly 30 facts. Thirty correct facts I might add, as my mistakes were quickly corrected.

It worked like a charm, the audience was interested, engaged, and they were active in the conversation ... we are ready to go! More importantly, they had a very real life example of the power of collaboration.

So, why are we doing this in the first place? The Information Services Department of the Idaho Legislative Services Office, wanted to "extend both the reach and depth of our technical support and training initiative, while simultaneously reducing the amount of outdated information available to our end users." If that sounds like a lot like a mission statement (and the quotation marks did not give it away) it should. It is a quote from our project outline. More specifically, it was the project's objective.

We took a look at our yearly training process, and noticed that it looked a lot like this.

Watch and support our end users during the session.
Spend part of the interim recapping what we observed and turn it into documentation for the next session.
Train end users in December on how to do their jobs, based on what we learned by watching them do their jobs.

Somewhere in that process was a logical disconnect. This could not possibly be a best practice. In review, we decided it might be a better idea if the people doing the work on a day-to-day basis were the ones providing the information on how to do the job. Radical concept, is it not? The next question, of how, turned out to be fairly simple to answer. We implemented our Legipedia, or legislative wiki.

A wiki is more or less a set of dynamic documentation. If you have ever used Wikipedia, you are at least exposed to the concept. The content in a wiki is provided, edited, updated and maintained by a community of users rather than a central source of information. Wikipedia, for example, is the result of thousands of contributors, lending their expertise on specific topics to the general knowledge base. Encyclopedia Britannica is the result of a relatively small group of scholars doing research on a wide range of topics.

Both types of knowledge compendiums have their strengths and weaknesses. In a wiki, for example, you have to deal with people not doing proper research and posting their ideas rather than facts. Obviously, this can be dangerous. However, in a wiki you tend to have experts on the specific field writing on a topic, people who understand how things really work. In the trenches, if you will.

The other benefit of a wiki is peer review. In essence, the information in a good wiki is “self-policed” by virtue of the fact that you have multiple editors per subject. If one adds incorrect information, there is usually someone who comes in right behind them and updates the entry. A wiki is a community garden; everyone contributes and everyone benefits from this collected knowledge and experience.

Did I mention that a wiki is incredibly easy to create and maintain? Well, it is. Choosing the software took a little time. However, once I discovered WikiMatrix.com my quest came together very quickly. What WikiMatrix.com does, in simple terms, is allow you to do a side-by-side comparison of the various wiki software available and choose the package that is right for you. If you are not sure what your criteria should be, it has a wizard you can go through that asks you all of the relevant questions and selects the software packages best suited for your implementation. I would recommend that you go through the matrix at the beginning of your process (before you are actually ready to acquire software) as the questions alone can help you define the scope and nature of your project. For example, should you include blogs, do you want versioning, do you want to pay, or are you looking for open source software, etc.

Once I selected our software package (TikiWiki), the set up took roughly 15 minutes (most of which was spent downloading the software). Another 15 minutes for some basic admin work (creating a few profiles, etc.) and I had a working wiki.

The first application of the wiki was to replicate our Best Practices Manual, which is the manual we give to attaches each year with instructions on how to use all of the applications available to them in the course of their job. The idea here was simple. Publish the book within the wiki, then give them editing rights and let them essentially rewrite the processes as the session went on. My stated objective was to have, within two or three years, every sentence I had written replaced by better, more complete documentation, written by the people actually doing the work on a daily basis. This will be my standard for success. We have decided not to print the Best Practices Manual this year, so before its first use, the wiki will have saved us money in the form of reduced printing expenses.

This year, the Legislature also switched to an IP-based phone system, requiring the replacement of every phone throughout our network. With the exception of one tri-fold quick start flier, we are not producing any printed support documentation for the new phones. All documentation is contained in the Legipedia, where it can be easily searched, reviewed, edited and, if necessary, printed.

We then duplicated the process of digitizing the Best Practices Manual with the legislators Laptop Manual, although we are going to continue to produce a manual for them because the wiki is only available on our network.

Last week we held our first training classes for the session, for returning attaches. During that class I introduced the Legipedia. We were not sure how it would be received by the more experienced attaches, and were overjoyed to hear the overwhelming support. The last comment of the training sessions was, “Thank you for giving us more control of this process. This has been a long time coming.”

And those people in the Springfield classroom where I gave my presentation, how did it go with them? I think this quote best sums up how it was received, “I am now going home to copy your idea.”

It looks like we might be heading in the right direction.

NALIT Award Recipients for 2007

NALIT awards underscore the association's commitment to high standards of professionalism and service to the legislative institution. Each year, NALIT awards two Legislative Staff Achievement Awards to individuals, teams or legislative offices. In addition, each year the LINCS/NALIT Online Democracy Award recognizes one state legislative website that stands out for making democracy user friendly.

Recipients of the awards are presented with a plaque and are recognized by the NCSL Staff Chair during the legislative staff luncheon at the NCSL Annual Meeting. Unfortunately this year's recipients were not able to be at the Annual Conference so the awards were given in September 2007 during the Professional Development Seminar in Springfield, Illinois.

The following awards were given:

Legislative Staff Achievement Award - Illinois Legislative Information System Chamber Services Team for their development of a state of the art electronic voting system; and the Virginia Senate Clerk's Office and the Virginia Division of Legislative Automated Systems for their collaborative effort in developing a voting system for the Virginia Senate.

The Online Democracy Award - The New Jersey legislature. The New Jersey website, http://www.njleg.state.nj.us/, stood out for its ease of navigation, depth of content and openness and availability of information for the public.

Please consider nominating a deserving individual, team or office for these awards during our upcoming Annual Conference in New Orleans.

Editor’s Corner

Whew! The first newsletter is complete. As the new secretary of NALIT, I have a new appreciation for folks who produce publications for a living. I have learned so much (specifically all that I didn't know about MS Word) and hope that the learning curve is not so steep next time. As previous secretaries can attest, this is a group effort. I especially want to thank all of the contributors to this Winter 2008 edition and to Pam Greenberg for her steady guidance and consistent enthusiasm. She truly is our NALIT Gem.
I am already on the lookout for articles for our Summer edition. It will be packed with the upcoming NCSL Annual Conference information, but will also include articles from our hardworking IT buddies throughout the country. See the box below for more specific information on how you can contribute.
Until next time, very sincerely yours,
Linda Pittsford, Editor

Call for Newsletter Articles

Publishing this newsletter would be impossible without your participation. The next edition will be published in June 2008. Start thinking about how you can contribute to this valuable resource.
What kind of articles do we need?

Descriptions of IT-related projects undertaken by your office.
Reviews or studies that your office has done on IT-related issues.
IT-related policies or systems implemented in your state (not just by your office) that affect legislative IT operations.
Anything at all that you think would be interesting to your peers in other states.

No word limit (or minimum). A typical article is two or three single-spaced pages, but longer or shorter articles are fine. The more articles we have, the better the publication!

2007-2008 NALIT Committees

Executive Committee–Officers and Directors, 2007-08

Back arrow, return to previous page Return to NALIT Newsletters