IT remodeling, security go hand in hand

Lisa Schlosser knows the importance of IT security. She has made a career of it, first as an Army military intelligence officer, then in private industry and at the Transportation Department. She brought her comprehensive view of IT security to the Housing and Urban Development Department when she took over in February as CIO.At Transportation, she was the department’s first senior-level IT security official and an early advocate of integrating IT security into the department’s lines of business, including capital planning, human resources and procurement.As Transportation’s associate CIO for IT security and then associate CIO for IT investment management, she oversaw creation of the department’s IT strategic plan, performance measurement, capital planning, security and privacy, and compliance with the President’s Management Agenda in e-government.She returned to government in 2001 because “it was time to start giving back to the government what I was fortunate to learn while in the private sector,” she said.At the start of her career, Schlosser spent six years on active Army duty. You might find her working IT security on some weekends, because she’s still in the Army Reserves. Schlosser received a bachelor’s degree from Indiana University of Pennsylvania and a master’s in administration from Central Michigan University.GCN staff writer Mary Mosquera recently spoke with Schlosser about her plans for HUD.SCHLOSSER: I’m focusing on continuously improving our investment management processes; modernizing our infrastructure so employees have the right tools to perform their jobs; and updating our core business systems, which support our single-family and multifamily housing groups and our rental systems group. We also are capitalizing on e-government solutions and outsourcing noncore systems, such as our financial management and human resources systems.SCHLOSSER: We have migrated a couple hundred of our applications to a state-of-the-art secure data center outside of the Washington area. We had multiple applications running on a vintage 1970 Unisys mainframe system, literally the last one in the world. We have upgraded that to the most current Unisys mainframe system, which is making a difference in overall efficiency of running our applications. Access to our applications is quicker and more stable. All of our applications run on that, from our administrative systems to our housing support systems.SCHLOSSER: HUD has consolidated all its infrastructure and network operations into this new data center: our telecommunication and infrastructure operations, and our key business and administrative systems. We now have state-of-the-art monitoring capabilities. We can be proactive and identify and predict problems with our networks and our applications, as opposed to always reacting to issues.SCHLOSSER: We have outsourced our pay and personnel systems to one of the e-government centers. We just completed Phase One of moving our HR systems to the Treasury Department. We’re happy with how that’s going. We’ve increased our internal capabilities, while we’ve been able to retire multiple antiquated systems. We’ll be retiring more going forward. We are also in the process of migrating to one of the E-Travel providers, but cannot name it yet.SCHLOSSER: We’re looking for opportunities to provide better and quicker data to citizens and lenders. For example, we are participating with the federal E-Loans program to enable a Web site for citizens to check their status on federal loans, due to be released by the end of this calendar year.Second, the Federal Housing Administration is consolidating its financial management systems into the FHA Subsidiary Ledger program. We now produce financial statements from the general ledger, and we’re meeting all the accelerated federal financial reporting deadlines. We’re incrementally implementing modules as they’re completed. We expect the complete financial system to be completed within two years.SCHLOSSER: Operationally, HUD has pretty sound security controls in place. What we need to do is ensure that we have documented what we’re doing in the most efficient and effective way, through a good certification and accreditation methodology and enhanced policies and procedures.We’ve updated our security policy to reflect where we want to go with the security program, such as planning more best practices and documenting procedures better. We have a project in place to accelerate the completion of certification and accreditation of all our systems by the end of this fiscal year. And we recently hired a chief information security officer, who will report directly to me. This is a new position for HUD. It’s a proactive measure that HUD secretary [Alphonso] Jackson has put in place, and I think it’s going to accelerate our program.SCHLOSSER: We’re focusing on our single-family and multifamily housing and rental assistance improvements. We are involving our field offices in the early stages of identifying requirements for systems to support these business areas, and they’re going to be more involved in testing these systems throughout the process.We collaborate very closely with and adopt best practices promoted by the Office of Management and Budget. We have good business cases and good project management. And we apply earned-value management to all our systems. The secretary and deputy secretary very much support our Technology Investment Board Executive Committee that meets quarterly to make investment decisions and to review any programs that appear to be exceeding any cost or schedule barriers. That program is well in place. What we need to do is to mature those processes and link them with our enterprise architecture.SCHLOSSER: You have to look at a best practice model. We baselined ourselves against OMB models for enterprise architecture and Government Accountability Office models for investment management maturity about a year ago. We found we needed to make improvements, such as implementing earned-value management. We believe we’re going to move to a higher level with that model as we reassess ourselves this year. We will continually assess ourselves against OMB and GAO models and identify process improvements and then implement them. That’s happening right now because of the support of the executive management at HUD.SCHLOSSER: HUD completed Version 1 of our target architecture in the second quarter [this year] and published it. We are now going through our investment process for fiscal 2007, and one of the investment criteria for all investments is: Does it fit—and how does it fit—into the published enterprise architecture? Does it meet the performance of where HUD wants to go with the target architecture? Every proposed investment is being evaluated against that architecture as part of the fiscal 2007 IT investment management and budget process.SCHLOSSER: We use several tools to constantly update our processes. We benchmark our programs against established models and also look at independent assessment reports, like GAO and inspector general reports. The OMB Watch List provides us with an independent perspective on the specific areas that we need to improve.OMB has been excellent in taking that watch list and sitting down with us and saying, here are some suggestions or some agencies that are doing well in this area, and perhaps you could capitalize on their processes to help put in a more effective program. The way OMB is managing the watch list, it’s a tool that gets your attention. They also follow that up with helping to share best practices for your particular process improvement.