Dean announces city's new chief information security officer

Monday, January 3, 2011 at 2:41pm
Staff reports

Mayor Karl Dean announced Monday the appointment of Greg Schaffer as chief information security officer of Metro’s Department of Information Technology Services.

Greg Schaffer, formerly the assistant vice president for network and information technology security at Middle Tennessee State University, will oversee Metro’s Information Security Management Program, which was created by executive order in 2010 to enhance and maintain Metro’s information security practices.

The creation of the position is the latest step in a series of new information security policies and practices Metro has undertaken since the December 2007 theft of some government laptop computers on which was stored the personal information of about 337,000 registered Davidson County voters. In 2008, Dean established an Information Security Advisory Board and called for an information security training program for Metro employees.

“Information security is vital to the operation of our local government,” Dean said in a release. “Citizens and others doing business with the Metropolitan government have to feel confident that their information is safe, and we have to know that our information systems are protected using the industry’s highest standards.”

In addition to coordinating Metro’s information security initiative, Schaffer will be responsible for working with the Department of Human Resources to coordinate the training program. He will work closely with Keith Durbin, director of Information Technology Services.

11 Comments on this post:

By: AmyLiorate on 1/3/11 at 2:15

Congratulations to the new guy.

Most of the troubles in thousands of personal identification leaks come from careless workers. I suggest this quick read:
http://www.computerworld.com/s/article/84573/Three_steps_CIOs_should_take_to_protect_corporate_data?taxonomyId=17&pageNumber=2

Outside of that you'll want to tighten up your public internet exposure, you know insecure services like FTP on port 21:

scan www.nashville.gov

interesting ports on 170.190.30.68:

PORT STATE SERVICE
21/tcp open ftp
25/tcp open smtp
53/tcp closed domain
80/tcp open http
82/tcp closed xfer
110/tcp closed pop3
443/tcp open https
447/tcp closed ddm-dfm
554/tcp closed rtsp
1755/tcp closed wms
6000/tcp closed X11
6001/tcp closed X11:1
6002/tcp closed X11:2
6003/tcp closed X11:3
6004/tcp closed X11:4
6005/tcp closed X11:5
6006/tcp closed X11:6
6007/tcp closed X11:7
6008/tcp closed X11:8
6009/tcp closed X11:9
6017/tcp closed xmail-ctrl
6050/tcp closed arcserve

1 IP address scanned in 22.065 seconds

By: nash615 on 1/3/11 at 4:09

Bwaahahahaha

nmap ftw.

By: Nitzche on 1/3/11 at 5:31

Is he gay or heterosexual? since that soccer coach wants everybody to know what she is, this information needs to be made public? No more closet heterosexuals!

By: HokeyPokey on 1/3/11 at 6:21

We're from ITS and we're here to help you.

HP

By: global_citizen on 1/3/11 at 6:21

Amy, if you can tell any of us network engineers how to run a web server or an FTP server with ports 80 or 21 closed, please do tell.

By: nash615 on 1/3/11 at 9:09

"Amy, if you can tell any of us network engineers how to run a web server or an FTP server with ports 80 or 21 closed, please do tell."

global_citizen: I presume that logic also holds for running X11 wide open on your servers too? Don't feel obliged to answer the cluephone if you're too busy, but that nmap dump spells "incompetence".

By: AmyLiorate on 1/4/11 at 4:04

SSH, if you don't know SSH (with SCP) then you should go back to the helpdesk and beg for your job back.

By: AmyLiorate on 1/4/11 at 4:14

Sorry, that sounded bad. I should have been more polite and not snappy. Please accept my apology. I notice that you are a *network* engineer and not a *server* engineer or network *security*.

Network engineers not knowing about FTP insecurity is acceptable but your coworkers have to cover those bases. If not, then I hope your business doesn't deal with PII (personal identification info) like social security numbers or ACH (credit card transactions).

I'm no CISSP but I have found my share of gaping security holes around the office. Next time I'm forced to reboot a Windows (TM) server I'll dedicate the moment to you. :D

By: HokeyPokey on 1/4/11 at 6:20

Darnit, I was hoping for a full scale, knock-down, drag-out, hissy fit among "IT Professionals" today. Something that would give new meaning to Aspergers but, alas, the best and the brightest seem not to be attracted to Music City.

HP

By: Nitzche on 1/4/11 at 7:02

forget this IT stuff, we gotta know if he is a heterosexual or gay man... what kind of backwards city is this leaving out this valuable piece of qualification?

By: HokeyPokey on 1/4/11 at 9:29

Wrong track, Nitz wit.

HP