InfraSec 07.08.15 Minutes

Attending:

Jason Maslanka, Kevin Price, Chris Barton, Ed Zawacki, Bala Ramaraju, Craig Jackson, Phil Reiter, Allen Randall, Frank Cervone, Sandeep Dath, Therese Molina, Mike Kirda, Doug McCarthy, Ashok Benet, Sarah Ritch, Gene Fruit, Lisa Blake, Julio Chavarria, Ian Huggins, Josh Naylor, Cynthia Herrera Lindstrom, Ilir Zenku, Vinay Surpuriya, Mark Goedert, Kevin Shalla

  • Subcommittee Reports
    • Subcommittee Review
      • Went over list of existing subcommittees, active and standing
      • Subcommittee reports will be on the agenda for future meetings
    • IS-0002 Digital Accessibility
      • On hiatus
      • Currently looking at standards in accessibility, training and tools available
      • IT accessibility policy is being drafted at Urbana
    • IS-0008 Risk Management/Risk Assessment
      • Risk assessment report completed of all Health Science Colleges
      • Group working on furthering risk management
      • Will go beyond identifying risks to remediating issues
      • Three quotes shared on data inventory, risk management, vulnerability scans
      • Letter coming from University Audits on risk assessment observations
      • Discussion of budget, security program, current efforts, and various concerns
    • IS-0009 Security Program
      • Two sections withstanding on reviewing the policy
      • Group is working on what changes can be implemented now, what will wait
  • Project and Services Updates
    • Tigger Decommissioning
      • Getting all website off Tigger by end of fall semester
      • Emails will go out how to remove site and where to get help
      • After, email accounts on Tigger will be deactivated, switched to Exchange
      • End goal to make Tigger accessible only to ACCC people
      • Discussion of publish.uic.edu templates and official design
    • RedHat Licensing
      • License costs went up 20k, plan to renegotiate cost to reflect current use levels
      • Otherwise, there will be a move to CentOS from RedHat
    • Virtual Private Network Update
      • Presentation on VPN survey findings
      • Discussion of findings, reliability of client, alternative services
      • Discussion of VPN problems, solutions, and need for more communication
  • Open Discussion
    • Governance Structure & COBIT
      • Observations of goals shared for the future of InfraSec Committee
      • Meeting imminent to discuss InfraSec and COBIT with ACCC
      • Summary of feedback shared from survey sent to the committee
      • Discussion of whether or not committee will continue to set/pursue priorities
      • Discussion of following-up priorities, creating action items and a roadmap
      • Discussion of how COBIT can help with this
    • ADSM Plan/Server Backups
      • Discussion of aging equipment, no storage space, and things to be removed
      • Working to move onto a new system/adjust hardware to address problems
      • No official backup service for new servers, work is being done to address this
    • IT Security Policy Letter
      • Committee had asked for an official letter to go out to communicate IT Security Program and available resources
      • Provost will send letter out, members should comment in Box with feedback
    • Ideas To Be Explored – RT Upgrade, Web/Content Management System Committee
      • Group is tabling Web/CMS
      • Discussion of feedback on RT upgrade
      • Discussion of work being done to develop each RT as a separate instance
    • Outside Services
      • Concerns about outside service that affect the campus, i.e. SharePoint via AITS
      • Concerns about HIPAA and FERPA restrictions on these services
  • Informational
    • Disaster Recovery & Business Continuity Engagement with McGladery
      • McGladery representative discussed working on consulting project with ACCC
      • Discussion of responses to survey sent out about disaster recovery
      • Discussion of members’ expectations if ACCC data center were to fail
      • Suggestion that a plan must be put in place and shared with campus
    • Perfect Attendance Awards
      • Recognition of committee members who had perfect/near perfect attendance
    • Identity Access Management
      • NetID length discussion has been moving forward
      • IAM will be reaching out to committee members for feedback on applications
    • HIPAA
      • A letter will be going out to deans outlining HIPAA related policy and training to those under the covered entity