InfraSec 10.12.16 Minutes

Attending:

Jason Maslanka, Allen Randall, Cynthia Herrera Lindstrom, Kevin Shalla, Ed Zawacki, Frank Cervone, Elizabeth Romero, Andre Pavkovic, Mike Kirda, Marcin Hiolski, Mat Willis, Mark Goedert, Matt Miller, Kevin Price, Vinay Surpuriya, Chris Barton, Lisa Blake, Heather O’Leary, Phil Reiter, Sandeep Dath, Sarah Ritch, Shannon Redden, Ashok Bennett, Ron Fernandez, Therese Molina, Josh Naylor, Dan Pollack, Ilir Zenku, Doug McCarthy, Lalo Camacho,

  • Subcommittee Reports
    • Digital Accessibility
      • High profile evaluation of websites helping to improve accessibility issues
      • Created a subcommittee to work on this
    • Digital Signage
      • Still struggling with Industry Weapon and mapping
    • Risk Assessment
      • Presentation given on state of risk assessment
      • Went over achievements, importance, and future goals
      • Named next steps
      • An HR focused draft of a survey was shown, naming concerns and need to push forward
      • Need for continued follow-up on 2015 Risk Recommendations proposals
      • Discussion of recommendations and status of implementation
      • Noted that there are three priorities the group is focused on
      • Discussion of funding issues
      • Discussion of Nessa’s meeting campus needs
      • Concern expressed about work done on this topic
      • A summarized update was asked for to send to the Provost
      • Suggested that the risk is understood, but the lack of funding is an issue
      • Suggested to create a document to send to Council, Provost, and VCHA
      • Suggested that a possible solution would be to ask HSCs to provide funding for costs of risk assessment
      • The subcommittee was asked to create a document emphasizing work to be done to send to upper administration voicing concern of UIC IT community
    • Security Program
      • Fourth quarter rollout happened at UISOs met yesterday, annual report almost complete
      • Concern expressed about new Qualtrics dashboard and other issues
    • Regional Sites
      • Will have first meeting next week and report to next meeting
  • New Business
    • ACCC Service Level Agreements
      • Presentation on ACCC SLAs given
      • How to work with ITGC to establish SMART SLAs and set expectations was questioned
      • Since currents SLAs were set by service managers, feedback from the InfraSec committee was requested
      • Committee was asked to review the SLAs and send feedback
      • Measuring service performance was questioned
  • Old Business
    • Web Governance Subcommittee
      • First meeting scheduled, will report to InfraSec committee at the next meeting
    • HR Resolutions
      • No new information, Appeals Board delayed
    • Burwood Report
      • Suggested that a revised report has been prepared
      • Burwood rescanned the environment and updated the report
      • Suggested that the report outlines various options
      • Suggested that there will be an update on the strategic plan
      • CDW will be providing a comparative report on the options
  • Projects and Services
    • ACCC Projects
      • Exchange Online is moving along
      • Meetings with units being arranged
      • An overview was given
    • DUO Miltifactor Update and NESSIE
      • Presentation on DUO was given
      • Discussion of communication plan for November 10 deadline
    • Box BAA
      • Contract still being worked on
      • Discussion on a projected goal for completion
  • Chair’s Reports
    • Information Privacy & Security Committee
      • Noted that HIPAA training almost complete, some modifications being addressed
      • Units must submit a survey to determine whether they are under covered entity
    • ITGC Workshop
      • Suggested that workshop was insightful and participants were honest
      • Noted that some faculty members who were not in the ITGC provided different prospective
      • Report will be created by December
  • Discussion Topics & Announcements
    • De-provisioning Disabled Accounts
      • Presentation was given on disabling inactive accounts
      • Discussion of alternative options
    • IPHEC Cloud Projects
      • Suggested that the committee needs to look at details of the contract
      • Suggested to create a discussion group to look at business needs
    • Urbana AWS
      • Noted that Pharmacy had contacted Urbana about a contract issue and has not heard back
      • Urbana will be reached out to in order to see if UIC could be added to contract
    • Security Training Alternatives, “self-phishing”
      • Suggested that there are tools available to train people on how to avoid phishing
    • BCP/DR Educause Presentation
      • Suggested that a number of UIC people attended an Educause webinar on disaster recovery
    • UA Review
      • Suggested that a group had been put together to look at AITS, services provided, and possible improvements
      • Discussion of what final report might include
    • Academic Medical Center IT Forum
      • Members of the committee attended a forum which went over concerns for health-related schools in the Midwest
      • Other members of the committee were encouraged to join