InfraSec 09.09.15 Minutes

 

Attending:

Sandy Robinson, Frank Cervone, Sarah Ritch, Allen Randall, Mark Goedert, Brian Ng, Josh Naylor, Phil Reiter, Julio Chavarria, Gene Fruit, Kevin Shalla, Kevin Price, Marcin Hiolski, Jason Maslanka, Heather O’Leary, Mike Kirda, Cynthia Herrera Lindstrom, Craig Jackson, Vinay Surpuriya, Doug McCarthy, Andre Pavkovic, Chris Barton, Ashok Benet, Dan Pollack, Ernesto Reyna, Ian Huggins, Ron Fernandez, Therese Molina, Johnathan Kupferer, Lisa Blake

  • Subcommittee Reports
    • Digital Accessibility
      • First meeting was held after a summer off
      • Contacts campus has with CBS athletic site, etc., are being looked at
      • IT accessibility policies are being analyzed, how to be more proactive
    • Risk Assessment
      • Scope is being looked at, specifically how risk management is done on campus
      • Group is working towards three main goals: ascertain how risk management is done organizationally on campus, manage/implement tools and services for a vulnerability assessment, and look at inventory management and Governance, Risk, and Compliance tools that need to be put in place for campus
      • Looking to meet vulnerability assessment needs
      • Looking to draft communications to increase visibility of risk assessment findings
      • Discussion of compliance, next steps and how best to address issues
    • Security Program
      • Subcommittee has received reviews of security program
      • Communication will be sent out to UISOs shortly
    • Regional Sites
      • Introduction of Dan Pollack as chair of regional sites subcommittee
      • Some regional IT directors have met to discuss their related concerns
      • Trying to formalize subcommittee by creating charge & solidifying membership
  • Business
    • Bylaws Amendment
      • Review of suggested revision of “Quorum,” as it refers to InfraSec Committee
      • Discussion of term, suggestion to change definition for all committees
      • Suggestion to more clearly define “Majority”
      • Discussion of applying term to subcommittees, issues related to membership
      • Approved Motion: Motion to approve amendment, with friendly amendment to add “simple majority,” passed
      • Discussion of revising membership: clarifying one vote for each ACCC director
      • Discussion of potential costs and gains of having ACCC directors vote
      • Suggestion to change text to: “one representative from each ACCC director”
      • Suggestion to change text to: “other IT Directors & managers”
      • Approved Motion: Motion to approve amendment, with two friendly amendments (stated above), passed
  • Discussion Topics
    • Redhat to CentOS
      • Redhat is being converted to CentOS
      • Will convert Virtual Machines, unless anyone wants to convert it themselves
      • Will notify each owner of VM of the conversion and when it will happen
      • Discussion of help available to units
    • WEB/Content Management System Subcommittee Follow Up
      • Discussion about creating a web subcommittee under InfraSec
      • Suggestion that existing web committee will continue to function
    • Cloud Storage Documentation
      • A chart of various cloud services was created
      • Comments will be shared regarding security of each platform
      • Discussion of which platforms have been approved for what use, specifically for FERPA and HIPAA data
  • Project and Service Updates
    • ACCC Updates
      • ACCC completed migration to Exchange Online
      • A number of issues popped up, will be addressed soon
      • Next steps are to select pilot units and share lessons learned
  • Announcements
    • Direction of InfraSec
      • Group will soon begin the process of documenting units’ business needs
      • Group will also begin to set priorities for next year
    • Tigger
      • Discussion of changes and issues related to shutting down Tigger server
      • All references to Tigger will eventually have to be updated