Wednesday, December 19, 2007

Winter Reading List

After some recent discussions with a colleague, I was prompted to compose the following:

Required Reading List for Those Working at LBL
(best for those in operations and management, but useful for all).

Number 1
Objective: Gain an understanding of the core governance problems between the National Laboratories and the Department of Energy
Reading: Galvin Report
Focus On: Governance issues, oversight issues, Directives.
Location: http://www.lbl.gov/LBL-PID/Galvin-Report/Galvin-Report.html

Number 2
Objective: Gain an appreciation for the history of LBL vis-à-vis DOE / Manhattan Project / etc.
Reading: Brotherhood of the Bomb
Focus On: Historical administration, relationship between DOE precursors and National Labs, Development of Military Industrial Science Complex
Location: Library

Number 3
Objective: Understand LBL Position on Management Challenges and Improvement Opportunities Between DOE and M&O Contractors
Reading: LBL/DOE Best Practices Study
Focus On: Alternative Governance Models, NCAR
Location: http://www.lbl.gov/Workplace/Ops/assets/docs/best_practices.pdf

Number 4
Objective: Understand How Organizational Responses to Regulation and Oversight in National Laboratories Impact Compliance and Assurance
Reading: Regulatory Ecology: Strategy, Compliance, and Assurance in Complex Organizations
Focus On: Motivation of Internal Regulator Proxies, Communication Challenges
Location: Forthcoming (my dissertation).

Thursday, December 13, 2007

Audit of the Department's Websites

The OIG has circulated a draft of its Audit of the Department's websites. Unfortunately, the cover letter asks that the draft not be shared. However, our response to the draft report can be shared (or in this case summarized).

LBL requires that all systems, whether they are workstations, servers, devices, microscopes, PDAs, or web servers, be managed in an appropriate, secure manner that integrates security into the lifecycle.

This approach is consistent with the philosophy that line management owns security: we want to push responsibility for appropriate configuration to the person responsible for using and managing the machine. This approach is also consistent with how most large research universities manage websites (many servers, run at the department or project level).

It is not consistent with the view that consolidation is always superior to decentralization.


Tuesday, December 11, 2007

This is a test.

This is a test of some new monitoring ideas we have been working on. XXX Viagra
We now return you to your regularly scheduled blog and apologize for the spammy words.

Monday, December 3, 2007

UC Trust

UC Trust is an identity federation for the University of California, based on InCommon. Since it is becoming more a part of UCOP's central services plans, this post is really designed to be a googleable thing for people in Ops (or elsewhere) who might need to know whom to contact. Answer: cppm