InfraSec 10.14.15 Minutes

Attending:

Lisa Blake, Kevin Shalla, Jason Maslanka, Sandeep Dath, Frank Cervone, Mark Goedert, Andre Pavkovic, Doug McCarthy, Gene Fruit, Chris Barton, Ilir Zenku, Julio Chavarria, Ashok Benet, Ron Fernandez, Sarah Ritch, Craig Jackson, Lalo Camacho, Bala Ramaraju, Marcin Hiolski, Ed Zawacki, Therese Molina, Ernesto Reyna, Phil Reiter, Mike Kirda, Ian Huggins, Brian Ng, Dean Dang, Kiseob Son, Heather O’Leary, Cynthia Klein-Banai

  • Subcommittee Reports
    • Accessibility
      • Working on UIC homepage, athletics department, and increasing accessibility to the bookstore
    • Risk
      • Colleges beginning to populate status spreadsheet with risk assessment outcomes
      • University Enterprise Risk management requested that findings go into enterprise risk report
      • Group met with a few vendors and people at Urbana looking for solutions on vulnerability scanning
      • Report was drafted for IT Governance Council
      • Suggested that a proposal be put together which would be dependent on ACCC’s capabilities
    • Security
      • Reviews from various participants were received and a detailed review is now being done before a survey for responsibility for compliance
      • Third quarter documents have been posted
      • Considering how to go about a UISO annual report
      • Discussion of implementing policy
  • Business
    • InfraSec Planning Optional Meeting – Service Catalog
      • Suggested that the committee meet to discuss priorities and get back on track with the ITGC proposal process
      • A spreadsheet for each unit to identify services that are provided and to identify gaps was sent out and asked to be filled out and returned
      • A meeting will be held to review spreadsheets and bring priorities back to the committee
      • Discussion of timeline and how to identify services
      • Goal is to identify business need more than technology itself
  • Discussion Topics
    • HIPAA and Information Security
      • HIPAA privacy and security is a subcommittee of IPSC at university level
      • BAA policy draft is being worked on and is out for review
      • Legal firm enlisted to develop enterprise HIPAA policies – group waiting on drafts which will be reconciled against current UIC IT security policy
      • HIPAA liaison role is being created for each unit under covered entity and there was discussion of how such role will work
    • Pharos Beacon
      • Suggested that Pharos Beacon is a cloud hosted product which provides organizers a way to track toner, paper, etc. usage on printers
      • Product currently in trial mode, but would be $20k a year and save money on operational costs
      • Tool goes onto devices and captures all printing data – discussion on security and privacy concerns
      • Discussion of potential costs and benefits
      • Suggested that the next step would be a security evaluation
      • Discussion of InfraSec support and possibility of broader policies being involved
    • SCCM
      • Noted that there had been some concern about SCCM service levels, private IP addresses, and support
      • Overview of current issues with the service was given
      • Suggested options for SCCM
    • IT Outreach
      • Suggested that there is a mission to provide service within UIC as well as reaching out to the community
      • Discussion of what reaching out to share knowledge and/or resources might look like considering limited resources
      • Suggestions included internships, mentorships, and it was mentioned that the college of Education offers grants
      • Discussion of how internships could work and, possibly, involve students
    • AV Vendor Performance Metrics
      • Group was asked that there be a review of vendor performance due to changes with the standing AV contract
      • Suggested to work on a document to provide feedback with data to back it up and share with purchasing
    • IT Tech Associate Requiring Bachelor’s Degree
      • Discussion of how this title requiring an IT related bachelor’s degree, even at entry level, affects hiring
      • HR will be contacted for answer and discussion
      • Project and Service Updates
    • ACCC Project Update
  • Announcements
    • Wireless Infrastructure Funding Update
      • Next buildings to receive new wireless infrastructure are CMET and SES after UH and other projects are finished
      • End of October/early November walkthroughs will begin
    • HR Resolutions Follow Up
      • HR has not yet received a response
      • Work on a mechanism for ITGC to follow up on resolution is needed