InfraSec 05.11.16 Minutes

Attending:

Chris Barton, Jason Maslanka, Sandeep Dath, Marcin Hiolski, Ed Zawacki, Elizabeth Romero, Allen Randall, Frank Cervone, Mark Goedert, Ilir Zenku, Sarah Ritch, Mike Lund, Miguel Martin, Lisa Blake, Doug McCarthy, Brian Ng, Sandra Robinson, Kevin Shalla, Janet Shaw, Mike Kirda, Bala Ramaraju, Josh Naylor, Phil Reiter, Vinay Surpuriya, Dean Dang, Therese Molina, Heather O’Leary

  • Subcommittee Reports
    • Digital Accessibility
      • Working to improve accessibility of new uillinois.edu website
      • Continuing to work with athletics website vendor
    • Risk Management/Assessment
      • Discussed risk management aligned with business, bring in HIPAA liaisons
      • Discussed 2016 assessment in the form of a survey
      • Status report to Audits nearly complete
      • Waiting for update form Council on submitted action
    • Security Program
      • Annual report is ready
      • Creating flowchart diagrams for incident response procedure
    • Digital Signage
      • Package should be ready for installation by Fall
  • New Business
    • Web Governance Subcommittee
      • Proposed to create a new subcommittee under InfraSec to look at technical aspect of web and governance thereof
      • A draft charter was shared
      • Discussion of charter, incentives, and consequences
      • Discussion of need for this subcommittee
      • Motion to approve creation of this committee, with the exception of strike of section four, was passed
  • Old Business
    • HR Resolutions
      • A procedure will be created to handle HR disputes
    • Risk Management/Assessment
      • Noted that the ITGC proposals went out to the Provost, but no updates have been shared
      • Official feedback on the proposals was requested
    • Burwood Report
      • Cisco and Microsoft are still being considered
      • Discussion on Cisco upgrade
  • Project and Service Updates
    • ACCC Reports Site
      • Noted that the site is publically available to the university
    • Multifactor Authentication
      • There was a presentation on why multifactor authentication is beneficial and how it could be implemented
      • Discussion on possibly uses of Duo Safety
    • Rate and Funding
      • Noted that rate and funding is moving forward
      • Basic format of the plan was gone over
      • ACCC will meet with each unit to discuss rates
      • Discussion of inability of units to cut costs once plan is made
      • There will be an advisory board to annually review and make changes
    • Exchange Online
      • An update of the Exchange Online implementation plan was given
      • Discussion of encryption and other aspects of Exchange
    • CrashPlan
      • Two major risks were discussed
      • Discussion on concerns about availability and funding
  • Unit Spotlights
    • ACCC
      • A presentation on the ACCC org structure and services was given
    • AES
      • Review of the services AES offers, upcoming changes, and recent projects
  • Discussion Topics
    • Meeting Time/Day Change
      • Discussion on possibly changing meeting time to a more accommodating one
    • HIPAA Compliant Server Backup
      • Suggested that servers obtain something that is like CrashPlan
      • Suggested that a proposal be written up and brought back to the committee for an official vote
      • Discussed other possibilities for backup, HIPAA concerns, and associated risks
    • IT Leadership
      • Members were reminded to sign up for MOR Leadership conference
    • IAM
      • Noted that IAM implementation for UIC will be coming in October
  • Announcements
    • Central Symantec Endpoint Server
      • New pilot server is being worked on in AHS