InfraSec 10.12.16 Minutes

Attending:

Jason Maslanka, Allen Randall, Cynthia Herrera Lindstrom, Kevin Shalla, Ed Zawacki, Frank Cervone, Elizabeth Romero, Andre Pavkovic, Mike Kirda, Marcin Hiolski, Mat Willis, Mark Goedert, Matt Miller, Kevin Price, Vinay Surpuriya, Chris Barton, Lisa Blake, Heather O’Leary, Phil Reiter, Sandeep Dath, Sarah Ritch, Shannon Redden, Ashok Bennett, Ron Fernandez, Therese Molina, Josh Naylor, Dan Pollack, Ilir Zenku, Doug McCarthy, Lalo Camacho,

  • Subcommittee Reports
    • Digital Accessibility
      • High profile evaluation of websites helping to improve accessibility issues
      • Created a subcommittee to work on this
    • Digital Signage
      • Still struggling with Industry Weapon and mapping
    • Risk Assessment
      • Presentation given on state of risk assessment
      • Went over achievements, importance, and future goals
      • Named next steps
      • An HR focused draft of a survey was shown, naming concerns and need to push forward
      • Need for continued follow-up on 2015 Risk Recommendations proposals
      • Discussion of recommendations and status of implementation
      • Noted that there are three priorities the group is focused on
      • Discussion of funding issues
      • Discussion of Nessa’s meeting campus needs
      • Concern expressed about work done on this topic
      • A summarized update was asked for to send to the Provost
      • Suggested that the risk is understood, but the lack of funding is an issue
      • Suggested to create a document to send to Council, Provost, and VCHA
      • Suggested that a possible solution would be to ask HSCs to provide funding for costs of risk assessment
      • The subcommittee was asked to create a document emphasizing work to be done to send to upper administration voicing concern of UIC IT community
    • Security Program
      • Fourth quarter rollout happened at UISOs met yesterday, annual report almost complete
      • Concern expressed about new Qualtrics dashboard and other issues
    • Regional Sites
      • Will have first meeting next week and report to next meeting
  • New Business
    • ACCC Service Level Agreements
      • Presentation on ACCC SLAs given
      • How to work with ITGC to establish SMART SLAs and set expectations was questioned
      • Since currents SLAs were set by service managers, feedback from the InfraSec committee was requested
      • Committee was asked to review the SLAs and send feedback
      • Measuring service performance was questioned
  • Old Business
    • Web Governance Subcommittee
      • First meeting scheduled, will report to InfraSec committee at the next meeting
    • HR Resolutions
      • No new information, Appeals Board delayed
    • Burwood Report
      • Suggested that a revised report has been prepared
      • Burwood rescanned the environment and updated the report
      • Suggested that the report outlines various options
      • Suggested that there will be an update on the strategic plan
      • CDW will be providing a comparative report on the options
  • Projects and Services
    • ACCC Projects
      • Exchange Online is moving along
      • Meetings with units being arranged
      • An overview was given
    • DUO Miltifactor Update and NESSIE
      • Presentation on DUO was given
      • Discussion of communication plan for November 10 deadline
    • Box BAA
      • Contract still being worked on
      • Discussion on a projected goal for completion
  • Chair’s Reports
    • Information Privacy & Security Committee
      • Noted that HIPAA training almost complete, some modifications being addressed
      • Units must submit a survey to determine whether they are under covered entity
    • ITGC Workshop
      • Suggested that workshop was insightful and participants were honest
      • Noted that some faculty members who were not in the ITGC provided different prospective
      • Report will be created by December
  • Discussion Topics & Announcements
    • De-provisioning Disabled Accounts
      • Presentation was given on disabling inactive accounts
      • Discussion of alternative options
    • IPHEC Cloud Projects
      • Suggested that the committee needs to look at details of the contract
      • Suggested to create a discussion group to look at business needs
    • Urbana AWS
      • Noted that Pharmacy had contacted Urbana about a contract issue and has not heard back
      • Urbana will be reached out to in order to see if UIC could be added to contract
    • Security Training Alternatives, “self-phishing”
      • Suggested that there are tools available to train people on how to avoid phishing
    • BCP/DR Educause Presentation
      • Suggested that a number of UIC people attended an Educause webinar on disaster recovery
    • UA Review
      • Suggested that a group had been put together to look at AITS, services provided, and possible improvements
      • Discussion of what final report might include
    • Academic Medical Center IT Forum
      • Members of the committee attended a forum which went over concerns for health-related schools in the Midwest
      • Other members of the committee were encouraged to join

InfraSec 09.09.16 Minutes

Attending:

Jason Maslanka, Dean Dang, Matt Miller, Mike Lamdagan, Sandeep Dath, Lalo Camacho, Chris Barton, Bala Ramaraju, Mark Goedert, Mike Kirda, Frank Cervone, Ed Zawacki, Janet Shaw, Allen Randall, Ernesto Reyna, Lisa Blake, Miguel Martin, Kevin Price, Shannon Reden, Therese Molina, Ron Fernandez, Kevin Shalla, Vinay Surpuriya, Andre Pavkovic, Barry White, Doug McCarthy, Ian Huggins, Sarah Ritch, Cynthia Herrera Lindstrom

  • Subcommittee Records
    • Digital Accessibility
      • First meeting of the year was held
      • Many improvements have been made including automated assessments on UIC websites
    • Risk
      • Working on risk assessment survey
    • Security Program
      • Revising incident response process
      • 4th quarter rollout has been posted and an email announcement will be sent out
    • Digital Signage
      • Currently testing the interactive touch signage
      • The goal is to bring to buildings all over campus
  • New Business
    • IPHEC Cloud Computing Services RFP
      • The RFP was awarded to SHI and there was a presentation on the selection process
      • Discussion of VPAT to prove accessibility
      • Discussion of SHI contract
      • Discussion of other existing contracts and possible issues
    • One ID, One Password
      • A presentation was given, noting that this service is going live in October
      • Discussion of timeline and specific parts of the project
      • Discussion of campus communication plan
      • The new process for new hires was gone over
      • Noted that support information was included in presentation
    • RAVE Guardian to Campus
      • A presentation was given on the RAVE Guardian Campus Safety App
  • Old Business
    • Web Governance Subcommittee
      • Officially a subcommittee
    • HR Resolutions
      • Invitations went out for people to participate
      • Survey under review and will go out
    • Risk Management/Risk Assessment Proposals
      • Suggested that there had been a meeting to discuss request for two FTEs to support HIPAA
      • Brought to university leadership
    • Burwood Report
      • Burwood came to campus to review the final document
      • Some data needs to be updated due to shifts in the industry
      • There was a meeting with CDW and they will look at our current infrastructure and do a cost analysis
      • Discussion of what is included in proposal
  • Projects and Services
    • ACCC Projects
      • Standing projects were gone over
    • Exchange Online, Related Audit
      • The audit document and recommendations were presented
      • Discussion of transition concerns and existing mail options/servers
      • There was a meeting with Microsoft support to discuss issues that need to be fixed in order to move forward
      • Discussion of unit needs for transition
      • A session for Q&A will be held
      • There will be communication to the campus about the move
      • There was a request for a deadline for Oracle Calendar
    • Project ACCC0067 – Streaming Media Strategy
      • Being run out of the ITGC Education committee to clean up all streaming services
    • Duo
      • A presentation was given on Duo
      • Discussion of implementation and related concerns
  • Discussion Topics
    • HIPAA Data Sharing Between Colleges/IT Infrastructures
      • A request was made on instruction on how to share HIPAA data between colleges/outside while still maintaining compliant
      • Discussion of the UIC Security Program
      • Suggested a meeting be set for further discussion
    • Password Change Notification from ACCC
      • Concern was voiced about password change notifications
      • Suggested that the password change process and related issues be documented and shared

InfraSec 07.20.16 Minutes

Attending:

Kevin Shalla, Chris Barton, Julio Chavarria, Ed Zawacki, Allen Randall, Brian Ng, Ashok Bennett, Frank Cervone, Cynthia Herrera Lindstrom, Vinay Surpuriya, Jason Maslanka, Therese Molina, Ernesto Reyna, Bala Ramaraju, Kevin Price, Marcin Hiolski, Andre Pavkovic, Josh Naylor, Phil Reiter, Matt Miller, Lisa Blake, Heather O’Leary, Dean Dang, Ron Fernandez, Mark Goedert

  • Subcommittee Reports
    • Digital Accessibility
      • Meeting in August to discuss important topics
    • Risk Assessment
      • Looking at survey to send out for risk assessment
      • Working to realign risk assessment business goals
    • Security
      • Next quarter rollout and annual report are ready
      • Flowcharts created for incident response
      • Discussion of timeline
      • Discusison of scheduling and sharing trainings across campus
      • Concern voiced about high-level campus buy-in
      • Discussion of making training mandatory and consequences for those who do not comply
      • Further discussion of scheduling trainings and need for centralization
    • Digital Signage
      • New product almost ready
  • New Business
    • Contracts
      • Noted that UofI IT consulting partner contracts have not been renewed
      • Staffing portion of the contract mentioned
    • Two-Factor Authentication
      • Presentation on two factor authentication was given
      • Suggested solution for attacks on direct deposit was given a demonstration
  • Old Business
    • Web Governance Subcommittee
      • First meeting was held and will be reporting back to InfraSec
    • HR Resolutions
      • Appeals board formed and will begin hearing appeals for misclassifications
  • Projects and Services
    • ACCC Updates
      • ACCC updates were shared
      • Discussion of Exchange Online
      • Further discussion of various projects and statuses
      • Discussion of CrashPlan BAA and HIPAA concerns
      • Working to get the BAA signed as soon as possible
  • Chair’s Reports
    • Committee in state of transition, need to work to find direction
    • ITGC assessment in process
  • Discussion Topics
    • ITGC Assessment Update
      • Noted that a survey had been sent out to ask for feedback on ITGC process
      • Focus groups will be held in the fall for further feedback and how to best improve ITGC
      • Discussion of importance of IT governance and need for improvement
    • VM Price Increase
      • Noted that VM pricing for CUPPA has doubled, making it harder to afford
      • ACCC staffing issues were questioned
      • Noted that services will be supported and the staffing issue is being worked on
    • LeCT
      • Noted that the IT leadership group is looking to expand
      • Discussion on how to encourage people to get involved
    • Exchange Online License
      • Suggested that the license expired but they have reapplied for it
      • Discussion of licensing for Exchange mailboxes
    • InfraGard & CyberHealth
      • What each group is and are helpful with was mentioned
      • Information will be forwarded to listserv

InfraSec 05.11.16 Minutes

Attending:

Chris Barton, Jason Maslanka, Sandeep Dath, Marcin Hiolski, Ed Zawacki, Elizabeth Romero, Allen Randall, Frank Cervone, Mark Goedert, Ilir Zenku, Sarah Ritch, Mike Lund, Miguel Martin, Lisa Blake, Doug McCarthy, Brian Ng, Sandra Robinson, Kevin Shalla, Janet Shaw, Mike Kirda, Bala Ramaraju, Josh Naylor, Phil Reiter, Vinay Surpuriya, Dean Dang, Therese Molina, Heather O’Leary

  • Subcommittee Reports
    • Digital Accessibility
      • Working to improve accessibility of new uillinois.edu website
      • Continuing to work with athletics website vendor
    • Risk Management/Assessment
      • Discussed risk management aligned with business, bring in HIPAA liaisons
      • Discussed 2016 assessment in the form of a survey
      • Status report to Audits nearly complete
      • Waiting for update form Council on submitted action
    • Security Program
      • Annual report is ready
      • Creating flowchart diagrams for incident response procedure
    • Digital Signage
      • Package should be ready for installation by Fall
  • New Business
    • Web Governance Subcommittee
      • Proposed to create a new subcommittee under InfraSec to look at technical aspect of web and governance thereof
      • A draft charter was shared
      • Discussion of charter, incentives, and consequences
      • Discussion of need for this subcommittee
      • Motion to approve creation of this committee, with the exception of strike of section four, was passed
  • Old Business
    • HR Resolutions
      • A procedure will be created to handle HR disputes
    • Risk Management/Assessment
      • Noted that the ITGC proposals went out to the Provost, but no updates have been shared
      • Official feedback on the proposals was requested
    • Burwood Report
      • Cisco and Microsoft are still being considered
      • Discussion on Cisco upgrade
  • Project and Service Updates
    • ACCC Reports Site
      • Noted that the site is publically available to the university
    • Multifactor Authentication
      • There was a presentation on why multifactor authentication is beneficial and how it could be implemented
      • Discussion on possibly uses of Duo Safety
    • Rate and Funding
      • Noted that rate and funding is moving forward
      • Basic format of the plan was gone over
      • ACCC will meet with each unit to discuss rates
      • Discussion of inability of units to cut costs once plan is made
      • There will be an advisory board to annually review and make changes
    • Exchange Online
      • An update of the Exchange Online implementation plan was given
      • Discussion of encryption and other aspects of Exchange
    • CrashPlan
      • Two major risks were discussed
      • Discussion on concerns about availability and funding
  • Unit Spotlights
    • ACCC
      • A presentation on the ACCC org structure and services was given
    • AES
      • Review of the services AES offers, upcoming changes, and recent projects
  • Discussion Topics
    • Meeting Time/Day Change
      • Discussion on possibly changing meeting time to a more accommodating one
    • HIPAA Compliant Server Backup
      • Suggested that servers obtain something that is like CrashPlan
      • Suggested that a proposal be written up and brought back to the committee for an official vote
      • Discussed other possibilities for backup, HIPAA concerns, and associated risks
    • IT Leadership
      • Members were reminded to sign up for MOR Leadership conference
    • IAM
      • Noted that IAM implementation for UIC will be coming in October
  • Announcements
    • Central Symantec Endpoint Server
      • New pilot server is being worked on in AHS

InfraSec 03.09.16 Minutes

Attending:

Julio Chavarria, Miguel Martin, Jason Maslanka, Sandeep Dath, Chris Barton, Ed Zawacki, Marcin Hiolski, Kevin Price, Mike Kirda, Doug McCarthy, Mark Goedert, Cynthia Herrera Lindstrom, Brian Ng, Mike Lund, Sandy Robinson, Andre Pavkovic, Allen Randall, Marc Carlton, Josh Naylor, Therese Molina, Kevin Shalla, Dean Dang, Matt Miller, Chris Hollenbeck, Ernesto Reyna, Ashok Benet, Dan Pollack, Phil Reiter, Heather O’Leary

  • Subcommittee Reports
    • Digital Accessibility
      • Working on improving UIC athletic site for accessibility
      • Working to improve site accessibility design process
    • Risk Management/Assessment
      • Currently working on status update which should be available at April meeting
      • Also looking at the next cycle for risk assessment
      • Attempting to, with the help of ACCC, develop a survey to deploy in the next cycle for risk assessment
      • Also working with Dell and Secureworks for POC on vulnerability scanning
    • Security Program
      • The UISO annual report is almost complete, will be conducted using Qualtrics
    • Regional Sites
      • The subcommittee had difficulty finding appropriate membership
      • It was asked that the subcommittee provide a list of priority items to bring back to the committee
    • Digital Signage
      • Looking at new packages
  • New Business
    • Service Request Form | TechStarter
      • A presentation was given on a subcommittee from the Education committee to work on creating a form for people on campus to submit requests for new instructional technology services and the feedback they have received
      • It was proposed that, rather than just using this for Educational technology, it be expanded to the other governance groups
      • Committee discussed the potential of the form, how funding would work, etc
      • There were concerns that proposals may come to governance before colleges are on board with the idea
      • It was suggested to have a website where ideas submitted are presented to the public
      • Discussion of how to prioritize items that come in from the form and compare to existing governance priorities
      • It was suggested that there might eventually be a social component, where people on campus can vote for ideas to help prioritize
  • Old Business
    • HR Resolutions
      • There was a request submitted to the provost and Mark Donavan to set up an appeals committee
    • Burwood Report
      • A summary of the report has been compiled
      • A comparison chart of different unified communication platforms was went over
      • Discussion of how best to move forward on this initiative
  • Unit Spotlights
    • BPI
      • A presentation was shared on the business process improvement services which outlined the type of work they do and projects that BPI has helped with at UIC
      • The group also does trainings such as lean concepts and facilitation skills and are working on a long term facilitator training program
    • Pharmacy
      • College demographics, rankings, etc. were described
      • The IT structure in the college was also described with notes to their teaching and learning center, and some other initiatives
  • Discussion Topics
    • ITLW
      • It was noted that Urbana is putting together its IT Leadership Workshops for summer and fall and members were encouraged to nominate people
    • SCCM Staffing in ACCC
      • It was noted that a search had been done, but failed due to there being some problems with the HR hiring process and degree requirements
      • A new search is being opened
      • Committee then discussed HR degree requirements and possible changes that can be made
  • Project and Service Updates
    • SCCM Status
      • It was suggested that further review was needed on the process of sharing services with AITS
      • It was suggested that there are a number of technical things that would have to change to allow for off campus use of SCCM
  • Announcements
    • ACCC Maintenance Weekend | March 19-20
      • Basic email will be down at one point over the weekend, communications will be sent
    • HIPAA Policies
      •  It was noted that a draft of the HIPAA policies has been completed and will go out to legal counsel shortly, and would then be shared for feedback
      • Security portion is based on the UIC security program
      • Policies should be in place by mid-May
    • Rate and Funding
      • Meeting with leadership soon for approval, will then be presented to the committee
      • Crashplan has been included in the request

InfraSec 02.10.16 Minutes

Attending:

Attending: Jason Maslanka, Ernesto Reyna (on the phone), Cynthia Herrera Lindstrom, Elizabeth Romero, Lisa Blake, Frank Cervone, Marcin Hiolski, Phil Reiter, Mark Goedert, Allen Randall, Mike Lund, Vinay Surpuriya, Mike Kirda, Bala Ramaraju, Ed Zawacki, Kevin Price, Sarah Ritch, Sandra Robinson, Kevin Shalla, Chris Barton, Sandeep Dath, Brian Ng, Therese Molina (on the phone), Miguel Martin (on the phone), Andre Pavkovic (on the phone), Josh Naylor (on the phone)

  • Subcommittee Reports
    • Digital Accessibility
      • Vendor has been chosen for athletic website
      • Accessibility improvements will be the goal of the new year
    • Risk Management/Risk Assessment
      • Developing status reports to display where each individual college unit is
      • Working with vendors to discuss vulnerability assessment
    • Security Program
      • Working on UISO annual report
  • New Business
    • Telecommunications Standards
      • Discussion on networking issues
  • Old Business
    • HR Resolutions
      • A document was sent from HR for the committee to go over
      • IT Director responsibilities were discussed
      • An advisory committee is being formed
      • A letter to chancellor is being drafted for approval on committee members
  • Web Governance
      • Awaiting a charter to be presented
  • Unit Spotlights
    • SPH
      • Noted that UIC’s SPH is the only accredited school in that field in Illinois, making it the largest
      • Different kinds of IT within the school were mentioned
      • IT goals within SCH were described
    • Office of the Vice Chancellor for Administrative Services
      • Description of what this unit does and all of the services provided by it
    • Office of the Vice Chancellor for Student Affairs/Campus Auxiliary Services
      • Explanation of what this unit oversees
      • Three branches of this unit and what each handles were described
  • Discussion Topics
    • Pharos Beacon Issues
      • Pharos issues were discussed
      • Stated that all issues were currently being worked toward resolution
    • Laserfiche Document Management/Workflow System
      • Stated that document management/workflow systems are on campus and functional but not operational
      • Systems should be operational within the next month

Discussion on these systems

InfraSec 01.13.16 Minutes

 

Attending:

Sandy Robinson, Jason Maslanka, Lisa Blake, Kevin Shalla, Frank Cervone, Andre Pavkovic, Phil Reiter, Kevin Price, Ron Fernandez, Ilir Zenku, Cynthia Herrera Lindstrom, Miguel Martin, Allen Randall, Mike Kirda, Dean Dang, Bala Ramaraju, Vinay Surpuriya, Mark Goedert, Therese Molina, Josh Naylor, Marcin Hiolski, Ed Zawacki, Sandeep Dath, Chris Barton, Kelly Block, Ernesto Reyna, Ashok Bennet, Dan Pollack, Brian Ng, Lalo Camacho, Dale Morrison, Heather O’Leary

  • Subcommittees
    • Accessibility
      • Working with vendors on accessibility issues for athletics and others
    • Risk
      • Working on updating unit status, ACCC/AITS update to risk assessment, and proposals
    • Security
      • Timeline is being pushed back due to delays
    • Digital Signage
      • Group’s relevance was questioned
      • Group’s goals were discussed
  • New Business
    • Web Governance
      • Due to concern about governing UIC’s new webpages, a new group will be set up to create a charter
      • New charter will be brought to existing group for discussion
    • Burwood Report
      • Burwood report was discussed
      • Update will be in March
  • Old Business
    • HR Resolutions
      • A more detailed response to the resolutions was requested
      • An advisory group that includes an ITGC representative will be created to work with HR
      • Discussion on representative
    • Risk Management/Assessment Proposals
      • Proposals were approved by the council and will be sent to the provost
  • Chair’s Report
    • IT Governance Council
      • Risk proposals and bylaws were addressed
    • IPSC and HIPAA
      • Discussion on HIPAA liaison role as well as different policies
    • InfraSec Planning – Services and Gaps-
      • Discussion on different approaches to identifying gaps
      • Will be addressed at next meeting
  • Unit Spotlights
    • AITS
      • Brief overview of AITS was given
  • Discussion Topics
    • Office of Procurement Diversity Presentation
      • Brief overview of the procurement diversity office’s role at the university was given
      • Discussion on how to address diversity vendors and the RFP
    • Email Rejections and O365
      • Discussion on number of UIC accounts that have recently been compromised
      • Discussion on transition to Exchange Online
    • Data Privacy and Security
      • Discussion on policies and data ownership
    • SCCM
      • Discussion of responsibility and location of the SCCM shared service

InfraSec 11.11.15 Minutes

 

Attending:

Craig Jackson, Kevin Shalla, Chris Barton, Mike Kirda, Jason Maslanka, Ed Zawacki, Vinay Surpuriya, Ernesto Reyna, Therese Molina, Lisa Blake (on the phone), Andre Pavkovic, Bala Ramaraju, Phil Reiter, Frank Cervone, Sandra Robinson, Sandeep Dath, Kevin Price, Allen Randall, Brian Ng, Mark Goedert, Stacey Valuch, Dean Dang, Ron Fernandez, Alex Phistry, Heather O’Leary

  • Subcommittee Records
    • Digital Accessibility
      • One of the units is currently having contact with the Athletic department and a vendor named Red Shelf in order to improve digital accessibility
  • Old Business
    • HR Resolutions
      • Two resolutions were gone over: implementation of job model and IT director and Academic professional
      • HR requires a formal response
      • Job model soon to be going full force
  • New Business
    • Risk Assessment
      • Presentation on status update and proposals which, if approved, will be given to the Council for approval
      • Discussion on presentation
    • Vulnerability Scanning Proposal
      • Concern voiced that this proposal only addresses two parts vulnerability, clarification requested
      • Discussion on vulnerability scanning and on payment and implementation program
      • Discussion on resources needed and those which could be relocated for this plan
      • Committee votes on proposal, it passes
    • GRC Proposal
      • Description of proposal on observation and feedback
      • Stated that Urbana and UIC will work together on evaluation
      • Discussion on evaluation
      • Explanation of IT and policy portions
      • Question on whether this tool is a GRC tool or an IT GRC tool, agreed that it could be both
      • Discussion on tool itself as well as impact on IT
      • Committee votes on proposal, it passes
    • MDM Proposal
      • Proposal is described along with its importance
      • How the tool will work on local level is questioned and met with it looks promising but needs an evaluation from ACCC
      • Number of mobile devices covered by this tool is questioned
      • Discussion on utilization of tool as well as price for amount of licenses
      • Savings by working with Urbana are noted
      • Committee votes on proposal, it passes
  • Chair’s Reports
    • ITGC Main Council
      • Discussion on WTC meeting which occurred at Council meeting
    • Information Privacy & Security Committee & HIPAA Subcommittee
      • Discusses last meeting
      • Mention of HIPAA liaison position
  • Discussion Topics
    • SCCM
      • Current SCCM shared service is addressed
      • Two outcomes were described: Urbana testing imagine and other functions of SCCM and pulling together a small group of stakeholders to look at future of service
    • IT Tech Position
      • Discussion on need for IT Tech position needing to have a degree in Computer Science or related field
      • A request is made for a small group from this committee to volunteer to represent at meeting with HR for productive discussion
      • Discussion on type of degree, citizenship status, and amount of experience required for position
    • InfraSec Planning
      • Services and Gaps planning worksheet presented
      • A request was made for spreadsheets describing services provided by each unit
    • Bitlocker
      • Discussion
    • VPN for RDP
      • Discussion on whether or not VPN for RDP was needed
      • Discussion on how the system would function after the implementation of VPN
    • NOC Purpose
      • NOC’s purpose was questioned and an explanation is asked to be presented at the next meeting

InfraSec 10.14.15 Minutes

Attending:

Lisa Blake, Kevin Shalla, Jason Maslanka, Sandeep Dath, Frank Cervone, Mark Goedert, Andre Pavkovic, Doug McCarthy, Gene Fruit, Chris Barton, Ilir Zenku, Julio Chavarria, Ashok Benet, Ron Fernandez, Sarah Ritch, Craig Jackson, Lalo Camacho, Bala Ramaraju, Marcin Hiolski, Ed Zawacki, Therese Molina, Ernesto Reyna, Phil Reiter, Mike Kirda, Ian Huggins, Brian Ng, Dean Dang, Kiseob Son, Heather O’Leary, Cynthia Klein-Banai

  • Subcommittee Reports
    • Accessibility
      • Working on UIC homepage, athletics department, and increasing accessibility to the bookstore
    • Risk
      • Colleges beginning to populate status spreadsheet with risk assessment outcomes
      • University Enterprise Risk management requested that findings go into enterprise risk report
      • Group met with a few vendors and people at Urbana looking for solutions on vulnerability scanning
      • Report was drafted for IT Governance Council
      • Suggested that a proposal be put together which would be dependent on ACCC’s capabilities
    • Security
      • Reviews from various participants were received and a detailed review is now being done before a survey for responsibility for compliance
      • Third quarter documents have been posted
      • Considering how to go about a UISO annual report
      • Discussion of implementing policy
  • Business
    • InfraSec Planning Optional Meeting – Service Catalog
      • Suggested that the committee meet to discuss priorities and get back on track with the ITGC proposal process
      • A spreadsheet for each unit to identify services that are provided and to identify gaps was sent out and asked to be filled out and returned
      • A meeting will be held to review spreadsheets and bring priorities back to the committee
      • Discussion of timeline and how to identify services
      • Goal is to identify business need more than technology itself
  • Discussion Topics
    • HIPAA and Information Security
      • HIPAA privacy and security is a subcommittee of IPSC at university level
      • BAA policy draft is being worked on and is out for review
      • Legal firm enlisted to develop enterprise HIPAA policies – group waiting on drafts which will be reconciled against current UIC IT security policy
      • HIPAA liaison role is being created for each unit under covered entity and there was discussion of how such role will work
    • Pharos Beacon
      • Suggested that Pharos Beacon is a cloud hosted product which provides organizers a way to track toner, paper, etc. usage on printers
      • Product currently in trial mode, but would be $20k a year and save money on operational costs
      • Tool goes onto devices and captures all printing data – discussion on security and privacy concerns
      • Discussion of potential costs and benefits
      • Suggested that the next step would be a security evaluation
      • Discussion of InfraSec support and possibility of broader policies being involved
    • SCCM
      • Noted that there had been some concern about SCCM service levels, private IP addresses, and support
      • Overview of current issues with the service was given
      • Suggested options for SCCM
    • IT Outreach
      • Suggested that there is a mission to provide service within UIC as well as reaching out to the community
      • Discussion of what reaching out to share knowledge and/or resources might look like considering limited resources
      • Suggestions included internships, mentorships, and it was mentioned that the college of Education offers grants
      • Discussion of how internships could work and, possibly, involve students
    • AV Vendor Performance Metrics
      • Group was asked that there be a review of vendor performance due to changes with the standing AV contract
      • Suggested to work on a document to provide feedback with data to back it up and share with purchasing
    • IT Tech Associate Requiring Bachelor’s Degree
      • Discussion of how this title requiring an IT related bachelor’s degree, even at entry level, affects hiring
      • HR will be contacted for answer and discussion
      • Project and Service Updates
    • ACCC Project Update
  • Announcements
    • Wireless Infrastructure Funding Update
      • Next buildings to receive new wireless infrastructure are CMET and SES after UH and other projects are finished
      • End of October/early November walkthroughs will begin
    • HR Resolutions Follow Up
      • HR has not yet received a response
      • Work on a mechanism for ITGC to follow up on resolution is needed

InfraSec 09.09.15 Minutes

 

Attending:

Sandy Robinson, Frank Cervone, Sarah Ritch, Allen Randall, Mark Goedert, Brian Ng, Josh Naylor, Phil Reiter, Julio Chavarria, Gene Fruit, Kevin Shalla, Kevin Price, Marcin Hiolski, Jason Maslanka, Heather O’Leary, Mike Kirda, Cynthia Herrera Lindstrom, Craig Jackson, Vinay Surpuriya, Doug McCarthy, Andre Pavkovic, Chris Barton, Ashok Benet, Dan Pollack, Ernesto Reyna, Ian Huggins, Ron Fernandez, Therese Molina, Johnathan Kupferer, Lisa Blake

  • Subcommittee Reports
    • Digital Accessibility
      • First meeting was held after a summer off
      • Contacts campus has with CBS athletic site, etc., are being looked at
      • IT accessibility policies are being analyzed, how to be more proactive
    • Risk Assessment
      • Scope is being looked at, specifically how risk management is done on campus
      • Group is working towards three main goals: ascertain how risk management is done organizationally on campus, manage/implement tools and services for a vulnerability assessment, and look at inventory management and Governance, Risk, and Compliance tools that need to be put in place for campus
      • Looking to meet vulnerability assessment needs
      • Looking to draft communications to increase visibility of risk assessment findings
      • Discussion of compliance, next steps and how best to address issues
    • Security Program
      • Subcommittee has received reviews of security program
      • Communication will be sent out to UISOs shortly
    • Regional Sites
      • Introduction of Dan Pollack as chair of regional sites subcommittee
      • Some regional IT directors have met to discuss their related concerns
      • Trying to formalize subcommittee by creating charge & solidifying membership
  • Business
    • Bylaws Amendment
      • Review of suggested revision of “Quorum,” as it refers to InfraSec Committee
      • Discussion of term, suggestion to change definition for all committees
      • Suggestion to more clearly define “Majority”
      • Discussion of applying term to subcommittees, issues related to membership
      • Approved Motion: Motion to approve amendment, with friendly amendment to add “simple majority,” passed
      • Discussion of revising membership: clarifying one vote for each ACCC director
      • Discussion of potential costs and gains of having ACCC directors vote
      • Suggestion to change text to: “one representative from each ACCC director”
      • Suggestion to change text to: “other IT Directors & managers”
      • Approved Motion: Motion to approve amendment, with two friendly amendments (stated above), passed
  • Discussion Topics
    • Redhat to CentOS
      • Redhat is being converted to CentOS
      • Will convert Virtual Machines, unless anyone wants to convert it themselves
      • Will notify each owner of VM of the conversion and when it will happen
      • Discussion of help available to units
    • WEB/Content Management System Subcommittee Follow Up
      • Discussion about creating a web subcommittee under InfraSec
      • Suggestion that existing web committee will continue to function
    • Cloud Storage Documentation
      • A chart of various cloud services was created
      • Comments will be shared regarding security of each platform
      • Discussion of which platforms have been approved for what use, specifically for FERPA and HIPAA data
  • Project and Service Updates
    • ACCC Updates
      • ACCC completed migration to Exchange Online
      • A number of issues popped up, will be addressed soon
      • Next steps are to select pilot units and share lessons learned
  • Announcements
    • Direction of InfraSec
      • Group will soon begin the process of documenting units’ business needs
      • Group will also begin to set priorities for next year
    • Tigger
      • Discussion of changes and issues related to shutting down Tigger server
      • All references to Tigger will eventually have to be updated