InfraSec 05.11.16 Minutes

Attending:

Chris Barton, Jason Maslanka, Sandeep Dath, Marcin Hiolski, Ed Zawacki, Elizabeth Romero, Allen Randall, Frank Cervone, Mark Goedert, Ilir Zenku, Sarah Ritch, Mike Lund, Miguel Martin, Lisa Blake, Doug McCarthy, Brian Ng, Sandra Robinson, Kevin Shalla, Janet Shaw, Mike Kirda, Bala Ramaraju, Josh Naylor, Phil Reiter, Vinay Surpuriya, Dean Dang, Therese Molina, Heather O’Leary

  • Subcommittee Reports
    • Digital Accessibility
      • Working to improve accessibility of new uillinois.edu website
      • Continuing to work with athletics website vendor
    • Risk Management/Assessment
      • Discussed risk management aligned with business, bring in HIPAA liaisons
      • Discussed 2016 assessment in the form of a survey
      • Status report to Audits nearly complete
      • Waiting for update from Council on submitted action
    • Security Program
      • Annual report is ready
      • Creating flowchart diagrams for incident response procedure
    • Digital Signage
      • Package should be ready for installation by Fall
  • New Business
    • Web Governance Subcommittee
      • Proposed to create a new subcommittee under InfraSec to look at technical aspect of web and governance thereof
      • A draft charter was shared
      • Discussion of charter, incentives, and consequences
      • Discussion of need for this subcommittee
      • Motion to approve creation of this committee, with the exception of strike of section four, was passed
  • Old Business
    • HR Resolutions
      • A procedure will be created to handle HR disputes
    • Risk Management/Assessment
      • Noted that the ITGC proposals went out to the Provost, but no updates have been shared
      • Official feedback on the proposals was requested
    • Burwood Report
      • Cisco and Microsoft are still being considered
      • Discussion on Cisco upgrade
  • Project and Service Updates
    • ACCC Reports Site
      • Noted that the site is publicly available to the university
    • Multifactor Authentication
      • There was a presentation on why multifactor authentication is beneficial and how it could be implemented
      • Discussion on possible uses of Duo Safety
    • Rate and Funding
      • Noted that rate and funding is moving forward
      • Basic format of the plan was gone over
      • ACCC will meet with each unit to discuss rates
      • Discussion of inability of units to cut costs once plan is made
      • There will be an advisory board to annually review and make changes
    • Exchange Online
      • An update of the Exchange Online implementation plan was given
      • Discussion of encryption and other aspects of Exchange
    • CrashPlan
      • Two major risks were discussed
      • Discussion on concerns about availability and funding
  • Unit Spotlights
    • ACCC
      • A presentation on the ACCC org structure and services was given
    • AES
      • Review of the services AES offers, upcoming changes, and recent projects
  • Discussion Topics
    • Meeting Time/Day Change
      • Discussion on possibly changing meeting time to a more accommodating one
    • HIPAA Compliant Server Backup
      • Suggested that servers obtain something that is like CrashPlan
      • Suggested that a proposal be written up and brought back to the committee for an official vote
      • Discussed other possibilities for backup, HIPAA concerns, and associated risks
    • IT Leadership
      • Members were reminded to sign up for MOR Leadership conference
    • IAM
      • Noted that IAM implementation for UIC will be coming in October
  • Announcements
    • Central Symantec Endpoint Server
      • New pilot server is being worked on in AHS

InfraSec 03.09.16 Minutes

Attending:

Julio Chavarria, Miguel Martin, Jason Maslanka, Sandeep Dath, Chris Barton, Ed Zawacki, Marcin Hiolski, Kevin Price, Mike Kirda, Doug McCarthy, Mark Goedert, Cynthia Herrera Lindstrom, Brian Ng, Mike Lund, Sandy Robinson, Andre Pavkovic, Allen Randall, Marc Carlton, Josh Naylor, Therese Molina, Kevin Shalla, Dean Dang, Matt Miller, Chris Hollenbeck, Ernesto Reyna, Ashok Benet, Dan Pollack, Phil Reiter, Heather O’Leary

  • Subcommittee Reports
    • Digital Accessibility
      • Working on improving UIC athletic site for accessibility
      • Working to improve site accessibility design process
    • Risk Management/Assessment
      • Currently working on status update which should be available at April meeting
      • Also looking at the next cycle for risk assessment
      • Attempting to, with the help of ACCC, develop a survey to deploy in the next cycle for risk assessment
      • Also working with Dell and Secureworks for POC on vulnerability scanning
    • Security Program
      • The UISO annual report is almost complete, will be conducted using Qualtrics
    • Regional Sites
      • The subcommittee had difficulty finding appropriate membership
      • It was asked that the subcommittee provide a list of priority items to bring back to the committee
    • Digital Signage
      • Looking at new packages
  • New Business
    • Service Request Form | TechStarter
      • A presentation was given on a subcommittee from the Education committee to work on creating a form for people on campus to submit requests for new instructional technology services and the feedback they have received
      • It was proposed that, rather than just using this for Educational technology, it be expanded to the other governance groups
      • Committee discussed the potential of the form, how funding would work, etc
      • There were concerns that proposals may come to governance before colleges are on board with the idea
      • It was suggested to have a website where ideas submitted are presented to the public
      • Discussion of how to prioritize items that come in from the form and compare to existing governance priorities
      • It was suggested that there might eventually be a social component, where people on campus can vote for ideas to help prioritize
  • Old Business
    • HR Resolutions
      • There was a request submitted to the provost and Mark Donavan to set up an appeals committee
    • Burwood Report
      • A summary of the report has been compiled
      • A comparison chart of different unified communication platforms was gone over
      • Discussion of how best to move forward on this initiative
  • Unit Spotlights
    • BPI
      • A presentation was shared on the business process improvement services which outlined the type of work they do and projects that BPI has helped with at UIC
      • The group also does trainings such as lean concepts and facilitation skills and are working on a long term facilitator training program
    • Pharmacy
      • College demographics, rankings, etc. were described
      • The IT structure in the college was also described with notes to their teaching and learning center, and some other initiatives
  • Discussion Topics
    • ITLW
      • It was noted that Urbana is putting together its IT Leadership Workshops for summer and fall and members were encouraged to nominate people
    • SCCM Staffing in ACCC
      • It was noted that a search had been done, but failed due to there being some problems with the HR hiring process and degree requirements
      • A new search is being opened
      • Committee then discussed HR degree requirements and possible changes that can be made
  • Project and Service Updates
    • SCCM Status
      • It was suggested that further review was needed on the process of sharing services with AITS
      • It was suggested that there are a number of technical things that would have to change to allow for off campus use of SCCM
  • Announcements
    • ACCC Maintenance Weekend | March 19-20
      • Basic email will be down at one point over the weekend, communications will be sent
    • HIPAA Policies
      • It was noted that a draft of the HIPAA policies has been completed and will go out to legal counsel shortly, and would then be shared for feedback
      • Security portion is based on the UIC security program
      • Policies should be in place by mid-May
    • Rate and Funding
      • Meeting with leadership soon for approval, will then be presented to the committee
      • Crashplan has been included in the request

InfraSec 02.10.16 Minutes

Attending:

Jason Maslanka, Ernesto Reyna (on the phone), Cynthia Herrera Lindstrom, Elizabeth Romero, Lisa Blake, Frank Cervone, Marcin Hiolski, Phil Reiter, Mark Goedert, Allen Randall, Mike Lund, Vinay Surpuriya, Mike Kirda, Bala Ramaraju, Ed Zawacki, Kevin Price, Sarah Ritch, Sandra Robinson, Kevin Shalla, Chris Barton, Sandeep Dath, Brian Ng, Therese Molina (on the phone), Miguel Martin (on the phone), Andre Pavkovic (on the phone), Josh Naylor (on the phone)

  • Subcommittee Reports
    • Digital Accessibility
      • Vendor has been chosen for athletic website
      • Accessibility improvements will be the goal of the new year
    • Risk Management/Risk Assessment
      • Developing status reports to display where each individual college unit is
      • Working with vendors to discuss vulnerability assessment
    • Security Program
      • Working on UISO annual report
  • New Business
    • Telecommunications Standards
      • Discussion on networking issues
  • Old Business
    • HR Resolutions
      • A document was sent from HR for the committee to go over
      • IT Director responsibilities were discussed
      • An advisory committee is being formed
      • A letter to chancellor is being drafted for approval on committee members
    • Web Governance
      • Awaiting a charter to be presented
  • Unit Spotlights
    • SPH
      • Noted that UIC’s SPH is the only accredited school in that field in Illinois, making it the largest
      • Different kinds of IT within the school were mentioned
      • IT goals within SCH were described
    • Office of the Vice Chancellor for Administrative Services
      • Description of what this unit does and all of the services provided by it
    • Office of the Vice Chancellor for Student Affairs/Campus Auxiliary Services
      • Explanation of what this unit oversees
      • Three branches of this unit and what each handles were described
  • Discussion Topics
    • Pharos Beacon Issues
      • Pharos issues were discussed
      • Stated that all issues were currently being worked toward resolution
    • Laserfiche Document Management/Workflow System
      • Stated that document management/workflow systems are on campus and functional but not operational
      • Systems should be operational within the next month
      • Discussion on these systems

InfraSec 01.13.16 Minutes

Attending:

Sandy Robinson, Jason Maslanka, Lisa Blake, Kevin Shalla, Frank Cervone, Andre Pavkovic, Phil Reiter, Kevin Price, Ron Fernandez, Ilir Zenku, Cynthia Herrera Lindstrom, Miguel Martin, Allen Randall, Mike Kirda, Dean Dang, Bala Ramaraju, Vinay Surpuriya, Mark Goedert, Therese Molina, Josh Naylor, Marcin Hiolski, Ed Zawacki, Sandeep Dath, Chris Barton, Kelly Block, Ernesto Reyna, Ashok Bennet, Dan Pollack, Brian Ng, Lalo Camacho, Dale Morrison, Heather O’Leary

  • Subcommittees
    • Accessibility
      • Working with vendors on accessibility issues for athletics and others
    • Risk
      • Working on updating unit status, ACCC/AITS update to risk assessment, and proposals
    • Security
      • Timeline is being pushed back due to delays
    • Digital Signage
      • Group’s relevance was questioned
      • Group’s goals were discussed
  • New Business
    • Web Governance
      • Due to concern about governing UIC’s new webpages, a new group will be set up to create a charter
      • New charter will be brought to existing group for discussion
    • Burwood Report
      • Burwood report was discussed
      • Update will be in March
  • Old Business
    • HR Resolutions
      • A more detailed response to the resolutions was requested
      • An advisory group that includes an ITGC representative will be created to work with HR
      • Discussion on representative
    • Risk Management/Assessment Proposals
      • Proposals were approved by the council and will be sent to the provost
  • Chair’s Report
    • IT Governance Council
      • Risk proposals and bylaws were addressed
    • IPSC and HIPAA
      • Discussion on HIPAA liaison role as well as different policies
    • InfraSec Planning – Services and Gaps
      • Discussion on different approaches to identifying gaps
      • Will be addressed at next meeting
  • Unit Spotlights
    • AITS
      • Brief overview of AITS was given
  • Discussion Topics
    • Office of Procurement Diversity Presentation
      • Brief overview of the procurement diversity office’s role at the university was given
      • Discussion on how to address diversity vendors and the RFP
    • Email Rejections and O365
      • Discussion on number of UIC accounts that have recently been compromised
      • Discussion on transition to Exchange Online
    • Data Privacy and Security
      • Discussion on policies and data ownership
    • SCCM
      • Discussion of responsibility and location of the SCCM shared service

InfraSec 11.11.15 Minutes

Attending:

Craig Jackson, Kevin Shalla, Chris Barton, Mike Kirda, Jason Maslanka, Ed Zawacki, Vinay Surpuriya, Ernesto Reyna, Therese Molina, Lisa Blake (on the phone), Andre Pavkovic, Bala Ramaraju, Phil Reiter, Frank Cervone, Sandra Robinson, Sandeep Dath, Kevin Price, Allen Randall, Brian Ng, Mark Goedert, Stacey Valuch, Dean Dang, Ron Fernandez, Alex Phistry, Heather O’Leary

  • Subcommittee Records
    • Digital Accessibility
      • One of the units is currently having contact with the Athletic department and a vendor named Red Shelf in order to improve digital accessibility
  • Old Business
    • HR Resolutions
      • Two resolutions were gone over: implementation of job model and IT director and Academic professional
      • HR requires a formal response
      • Job model soon to be going full force
  • New Business
    • Risk Assessment
      • Presentation on status update and proposals which, if approved, will be given to the Council for approval
      • Discussion on presentation
    • Vulnerability Scanning Proposal
      • Concern voiced that this proposal only addresses two parts of vulnerability; clarification requested
      • Discussion on vulnerability scanning and on payment and implementation program
      • Discussion on resources needed and those which could be relocated for this plan
      • Committee votes on proposal, it passes
    • GRC Proposal
      • Description of proposal on observation and feedback
      • Stated that Urbana and UIC will work together on evaluation
      • Discussion on evaluation
      • Explanation of IT and policy portions
      • Question on whether this tool is a GRC tool or an IT GRC tool, agreed that it could be both
      • Discussion on tool itself as well as impact on IT
      • Committee votes on proposal, it passes
    • MDM Proposal
      • Proposal is described along with its importance
      • How the tool will work at the local level was questioned; the response was that it looks promising but needs an evaluation from ACCC
      • Number of mobile devices covered by this tool is questioned
      • Discussion on utilization of tool as well as price for amount of licenses
      • Savings by working with Urbana are noted
      • Committee votes on proposal, it passes
  • Chair’s Reports
    • ITGC Main Council
      • Discussion on WTC meeting which occurred at Council meeting
    • Information Privacy & Security Committee & HIPAA Subcommittee
      • Discusses last meeting
      • Mention of HIPAA liaison position
  • Discussion Topics
    • SCCM
      • Current SCCM shared service is addressed
      • Two outcomes were described: Urbana testing imaging and other functions of SCCM, and pulling together a small group of stakeholders to look at the future of the service
    • IT Tech Position
      • Discussion on the requirement that the IT Tech position have a degree in Computer Science or a related field
      • A request is made for a small group from this committee to volunteer to represent at meeting with HR for productive discussion
      • Discussion on type of degree, citizenship status, and amount of experience required for position
    • InfraSec Planning
      • Services and Gaps planning worksheet presented
      • A request was made for spreadsheets describing services provided by each unit
    • Bitlocker
      • Discussion
    • VPN for RDP
      • Discussion on whether or not VPN for RDP was needed
      • Discussion on how the system would function after the implementation of VPN
    • NOC Purpose
      • NOC’s purpose was questioned, and an explanation was requested for presentation at the next meeting

InfraSec 10.14.15 Minutes

Attending:

Lisa Blake, Kevin Shalla, Jason Maslanka, Sandeep Dath, Frank Cervone, Mark Goedert, Andre Pavkovic, Doug McCarthy, Gene Fruit, Chris Barton, Ilir Zenku, Julio Chavarria, Ashok Benet, Ron Fernandez, Sarah Ritch, Craig Jackson, Lalo Camacho, Bala Ramaraju, Marcin Hiolski, Ed Zawacki, Therese Molina, Ernesto Reyna, Phil Reiter, Mike Kirda, Ian Huggins, Brian Ng, Dean Dang, Kiseob Son, Heather O’Leary, Cynthia Klein-Banai

  • Subcommittee Reports
    • Accessibility
      • Working on UIC homepage, athletics department, and increasing accessibility to the bookstore
    • Risk
      • Colleges beginning to populate status spreadsheet with risk assessment outcomes
      • University Enterprise Risk management requested that findings go into enterprise risk report
      • Group met with a few vendors and people at Urbana looking for solutions on vulnerability scanning
      • Report was drafted for IT Governance Council
      • Suggested that a proposal be put together which would be dependent on ACCC’s capabilities
    • Security
      • Reviews from various participants were received and a detailed review is now being done before a survey for responsibility for compliance
      • Third quarter documents have been posted
      • Considering how to go about a UISO annual report
      • Discussion of implementing policy
  • Business
    • InfraSec Planning Optional Meeting – Service Catalog
      • Suggested that the committee meet to discuss priorities and get back on track with the ITGC proposal process
      • A spreadsheet for each unit to identify services that are provided and to identify gaps was sent out and asked to be filled out and returned
      • A meeting will be held to review spreadsheets and bring priorities back to the committee
      • Discussion of timeline and how to identify services
      • Goal is to identify business need more than technology itself
  • Discussion Topics
    • HIPAA and Information Security
      • HIPAA privacy and security is a subcommittee of IPSC at university level
      • BAA policy draft is being worked on and is out for review
      • Legal firm enlisted to develop enterprise HIPAA policies – group waiting on drafts which will be reconciled against current UIC IT security policy
      • HIPAA liaison role is being created for each unit under covered entity and there was discussion of how such role will work
    • Pharos Beacon
      • Suggested that Pharos Beacon is a cloud hosted product which provides organizers a way to track toner, paper, etc. usage on printers
      • Product currently in trial mode, but would be $20k a year and save money on operational costs
      • Tool goes onto devices and captures all printing data – discussion on security and privacy concerns
      • Discussion of potential costs and benefits
      • Suggested that the next step would be a security evaluation
      • Discussion of InfraSec support and possibility of broader policies being involved
    • SCCM
      • Noted that there had been some concern about SCCM service levels, private IP addresses, and support
      • Overview of current issues with the service was given
      • Suggested options for SCCM
    • IT Outreach
      • Suggested that there is a mission to provide service within UIC as well as reaching out to the community
      • Discussion of what reaching out to share knowledge and/or resources might look like considering limited resources
      • Suggestions included internships and mentorships, and it was mentioned that the College of Education offers grants
      • Discussion of how internships could work and, possibly, involve students
    • AV Vendor Performance Metrics
      • Group was asked that there be a review of vendor performance due to changes with the standing AV contract
      • Suggested to work on a document to provide feedback with data to back it up and share with purchasing
    • IT Tech Associate Requiring Bachelor’s Degree
      • Discussion of how this title requiring an IT related bachelor’s degree, even at entry level, affects hiring
      • HR will be contacted for answer and discussion
  • Project and Service Updates
    • ACCC Project Update
  • Announcements
    • Wireless Infrastructure Funding Update
      • Next buildings to receive new wireless infrastructure are CMET and SES after UH and other projects are finished
      • End of October/early November walkthroughs will begin
    • HR Resolutions Follow Up
      • HR has not yet received a response
      • Work on a mechanism for ITGC to follow up on resolution is needed

InfraSec 09.09.15 Minutes

Attending:

Sandy Robinson, Frank Cervone, Sarah Ritch, Allen Randall, Mark Goedert, Brian Ng, Josh Naylor, Phil Reiter, Julio Chavarria, Gene Fruit, Kevin Shalla, Kevin Price, Marcin Hiolski, Jason Maslanka, Heather O’Leary, Mike Kirda, Cynthia Herrera Lindstrom, Craig Jackson, Vinay Surpuriya, Doug McCarthy, Andre Pavkovic, Chris Barton, Ashok Benet, Dan Pollack, Ernesto Reyna, Ian Huggins, Ron Fernandez, Therese Molina, Johnathan Kupferer, Lisa Blake

  • Subcommittee Reports
    • Digital Accessibility
      • First meeting was held after a summer off
      • Contacts campus has with CBS athletic site, etc., are being looked at
      • IT accessibility policies are being analyzed, how to be more proactive
    • Risk Assessment
      • Scope is being looked at, specifically how risk management is done on campus
      • Group is working towards three main goals: ascertain how risk management is done organizationally on campus, manage/implement tools and services for a vulnerability assessment, and look at inventory management and Governance, Risk, and Compliance tools that need to be put in place for campus
      • Looking to meet vulnerability assessment needs
      • Looking to draft communications to increase visibility of risk assessment findings
      • Discussion of compliance, next steps and how best to address issues
    • Security Program
      • Subcommittee has received reviews of security program
      • Communication will be sent out to UISOs shortly
    • Regional Sites
      • Introduction of Dan Pollack as chair of regional sites subcommittee
      • Some regional IT directors have met to discuss their related concerns
      • Trying to formalize subcommittee by creating charge & solidifying membership
  • Business
    • Bylaws Amendment
      • Review of suggested revision of “Quorum,” as it refers to InfraSec Committee
      • Discussion of term, suggestion to change definition for all committees
      • Suggestion to more clearly define “Majority”
      • Discussion of applying term to subcommittees, issues related to membership
      • Approved Motion: Motion to approve amendment, with friendly amendment to add “simple majority,” passed
      • Discussion of revising membership: clarifying one vote for each ACCC director
      • Discussion of potential costs and gains of having ACCC directors vote
      • Suggestion to change text to: “one representative from each ACCC director”
      • Suggestion to change text to: “other IT Directors & managers”
      • Approved Motion: Motion to approve amendment, with two friendly amendments (stated above), passed
  • Discussion Topics
    • Redhat to CentOS
      • Redhat is being converted to CentOS
      • Will convert Virtual Machines, unless anyone wants to convert it themselves
      • Will notify each owner of VM of the conversion and when it will happen
      • Discussion of help available to units
    • WEB/Content Management System Subcommittee Follow Up
      • Discussion about creating a web subcommittee under InfraSec
      • Suggestion that existing web committee will continue to function
    • Cloud Storage Documentation
      • A chart of various cloud services was created
      • Comments will be shared regarding security of each platform
      • Discussion of which platforms have been approved for what use, specifically for FERPA and HIPAA data
  • Project and Service Updates
    • ACCC Updates
      • ACCC completed migration to Exchange Online
      • A number of issues popped up, will be addressed soon
      • Next steps are to select pilot units and share lessons learned
  • Announcements
    • Direction of InfraSec
      • Group will soon begin the process of documenting units’ business needs
      • Group will also begin to set priorities for next year
    • Tigger
      • Discussion of changes and issues related to shutting down Tigger server
      • All references to Tigger will eventually have to be updated

InfraSec 08.12.15 Minutes

Attending:

Chris Hollenback, Jason Maslanka, Chris Barton, Sandeep Dath, Mat Willis, Dean Dang, Therese Molina, Cynthia Herrera Lindstrom, Mark Goedert, Marcin Hiolski, Ernesto Reyna, Lalo Camacho, Bala Ramaraju, Josh Naylor, Mike Kirda, Vinay Surpuriya, Phil Reiter, Ed Zawacki, Kevin Price, Kevin Shalla, Lisa Blake, Doug McCarthy, Andre Pavkovic, Johnathan Kupferer, Ian Huggins, Heather O’Leary, Julio Chavarria, Gene Fruit, Dan Pollack, Ron Fernandez

  • Digital Accessibility (Subcommittee Report)
    • Membership is being pared down
      • Reviewing subcommittee
  • Risk Management (Subcommittee Report)
    • Audit Management Letter
      • A letter was issued to deans in Health Science Colleges regarding need for further action on responding to risk findings
      • Consideration of where findings should be shared, involves more than HIPAA
    • Response to Request for Qualifications
      • Response received from some vendors on RFQ process
      • Data inventory tools are being assessed for risk management
      • Focus afterwards will be on scope and requirements-gathering
    • RACI Chart
      • Discussion of RACI chart developed for risk management
      • Work will continue on visibility, what needs to be done next in units
      • Discussion on role of governance in chart, and determining/assigning tasks
  • Security Program (Subcommittee Report)
    • Work is continuing on updating program with suggestions from review
      • Role of HIPAA Security & Privacy Officer will be added
      • Discussion of subcommittee’s place in ITGC– suggestion it shouldn’t be ongoing
      • Discussion on consequences of not pursuing proposals
  • Standing Subcommittees
    • Regional Sites subcommittee still working to finalize a list of members
      • Discussion on role of subcommittee, finding representatives for regional sites
  • Business
    • IT Security Program Letter
      • Discussion of letter, edits, how to refer to the program
      • Approved Motion: Motion to approve letter with edits was passed
  • Discussion
    • Governance Structure Lunch Meeting Recap
      • Best method needs to be discerned for evaluating business needs and gaps
      • Suggestion for every unit to identify all of their provided services, and bring back to the committee to identify shared needs
      • Discussion on gaining more knowledge on COBIT, to help with implementation
    • College and Unit IT Service Catalogs & Priorities
      • Overview of ITGC process timeline
      • Three main subcommittees exist
      • Suggestion that proposals will probably come from Risk Management group
      • Suggestion to create process to identify priorities and create subcommittees to address them for the following year
    • Encryption Policy Expansion for Mobile Devices in the Covered Entity
      • Recent expansion of IT Security Program includes encrypting mobile devices
      • Mainly affects Health Science Colleges
      • Timeline and implementation will be set for Microsoft Bitlocker Administration & Monitoring
      • Discussion of resources, status of recommendations, requirements being met
      • Discussion of personal devices, accessing high risk data without downloading/storing
    • Web/Content Management System
      • With launch of new UIC website, recommendation that a governance committee exist to deal with web issues
      • Suggestion to create subcommittee to address issues: create a policy of standards, best practices, and templates for use by units
      • Discussion of related efforts: UIC website redesign, previous CMS subcommittee
      • Discussion of overlap with Pixo recommendations
      • Will investigate existing committee and work with Public Affairs on this effort
    • Cloud Storage Documentation
      • Discussion between IT directors about various cloud storages on campus: what is allowed to be stored on each, related policies, etc.
      • Suggestion to create a matrix of options, and what each can/should be used for
      • Update will be given next meeting
  • Announcements
    • Expect Bylaws Revision in September
    • InfraSec Representatives
      • Suggestion that InfraSec representatives communicate with REACH in their units
    • Cloud Services
      • Suggestions that there are efforts to get a cloud service under contract
    • Committee on Policies
      • Note that a committee to create policies on policies has been created
    • Personal Email
      • The option to ‘forward to personal email’ to be removed when O365 launches
    • Phone Charging in Classrooms
      • Concern of potential problems with students charging phones in many outlets
      • Suggestion to consider USB charging in classrooms, policies with stolen phones
      • Discussion of existing efforts

InfraSec 07.08.15 Minutes

Attending:

Jason Maslanka, Kevin Price, Chris Barton, Ed Zawacki, Bala Ramaraju, Craig Jackson, Phil Reiter, Allen Randall, Frank Cervone, Sandeep Dath, Therese Molina, Mike Kirda, Doug McCarthy, Ashok Benet, Sarah Ritch, Gene Fruit, Lisa Blake, Julio Chavarria, Ian Huggins, Josh Naylor, Cynthia Herrera Lindstrom, Ilir Zenku, Vinay Surpuriya, Mark Goedert, Kevin Shalla

  • Subcommittee Reports
    • Subcommittee Review
      • Went over list of existing subcommittees, active and standing
      • Subcommittee reports will be on the agenda for future meetings
    • IS-0002 Digital Accessibility
      • On hiatus
      • Currently looking at standards in accessibility, training and tools available
      • IT accessibility policy is being drafted at Urbana
    • IS-0008 Risk Management/Risk Assessment
      • Risk assessment report completed of all Health Science Colleges
      • Group working on furthering risk management
      • Will go beyond identifying risks to remediating issues
      • Three quotes shared on data inventory, risk management, vulnerability scans
      • Letter coming from University Audits on risk assessment observations
      • Discussion of budget, security program, current efforts, and various concerns
    • IS-0009 Security Program
      • Two sections outstanding in the review of the policy
      • Group is working on what changes can be implemented now, what will wait
  • Project and Services Updates
    • Tigger Decommissioning
      • Getting all websites off Tigger by end of fall semester
      • Emails will go out on how to remove a site and where to get help
      • After, email accounts on Tigger will be deactivated, switched to Exchange
      • End goal to make Tigger accessible only to ACCC people
      • Discussion of publish.uic.edu templates and official design
    • RedHat Licensing
      • License costs went up 20k, plan to renegotiate cost to reflect current use levels
      • Otherwise, there will be a move to CentOS from RedHat
    • Virtual Private Network Update
      • Presentation on VPN survey findings
      • Discussion of findings, reliability of client, alternative services
      • Discussion of VPN problems, solutions, and need for more communication
  • Open Discussion
    • Governance Structure & COBIT
      • Observations of goals shared for the future of InfraSec Committee
      • Meeting imminent to discuss InfraSec and COBIT with ACCC
      • Summary of feedback shared from survey sent to the committee
      • Discussion of whether or not committee will continue to set/pursue priorities
      • Discussion of following up on priorities, creating action items and a roadmap
      • Discussion of how COBIT can help with this
    • ADSM Plan/Server Backups
      • Discussion of aging equipment, no storage space, and things to be removed
      • Working to move onto a new system/adjust hardware to address problems
      • No official backup service for new servers, work is being done to address this
    • IT Security Policy Letter
      • Committee had asked for an official letter to go out to communicate IT Security Program and available resources
      • Provost will send letter out, members should comment in Box with feedback
    • Ideas To Be Explored – RT Upgrade, Web/Content Management System Committee
      • Group is tabling Web/CMS
      • Discussion of feedback on RT upgrade
      • Discussion of work being done to develop each RT as a separate instance
    • Outside Services
      • Concerns about outside services that affect the campus, i.e. SharePoint via AITS
      • Concerns about HIPAA and FERPA restrictions on these services
  • Informational
    • Disaster Recovery & Business Continuity Engagement with McGladrey
      • McGladrey representative discussed working on consulting project with ACCC
      • Discussion of responses to survey sent out about disaster recovery
      • Discussion of members’ expectations if ACCC data center were to fail
      • Suggestion that a plan must be put in place and shared with campus
    • Perfect Attendance Awards
      • Recognition of committee members who had perfect/near perfect attendance
    • Identity Access Management
      • NetID length discussion has been moving forward
      • IAM will be reaching out to committee members for feedback on applications
    • HIPAA
      • A letter will be going out to deans outlining HIPAA-related policy and training to those under the covered entity

InfraSec 06.10.15 Minutes

Attending:

Phil Reiter, Allen Randall, Frank Cervone, Kevin Shalla, Lalo Camacho, Sandeep Dath, Therese Molina, Mark Goedert, Mat Willis, Bala Ramaraju, Ernesto Reyna, Craig Jackson, Jason Maslanka, Kevin Price, Ed Zawacki, Chris Barton, Mike Kirda, Andre Pavkovic, Lisa Blake, Heather O’Leary, Ron Fernandez, Marcin Hiolski, Ilir Zenku

  • Risk Assessment
    • Overview
      • Risk assessment is completed
      • Procedure for future assessments has been created
      • Draft recommendations reviewed, focusing on four to be implemented
      • Cynthia is now a U of I HIPAA Privacy and Security Officer
    • Business Associate Agreement
      • HIPAA subcommittee is working on a BAA template for BAAs on campus
    • Vulnerability Assessment
      • Committee should recommend how to roll out assessment
    • ePHI Data Inventory
      • Proposal for a shared inventory tool is to be made available to campus
      • Discussion of recommendations, what it will take to move forward
  • Security Goals for InfraSec
    • Review of Security Program
      • A policy shift has occurred: HIPAA issued a mandate that policy must be amended to include encryption of all devices under the covered entity
      • Decision was made not to allow employees to store high risk data on their personal devices
      • HIPAA training will be required of everyone under the covered entity, not just for those handling high risk data
    • Subcommittees
      • Suggestion to evaluate subcommittees: what exists, what each is working on, how each should change going forward
    • Disaster Recovery Plan
      • McGladrey will work to survey InfraSec members about disaster recovery needs
  • Status Updates
    • Enterprise Apps
      • The group is meeting next week to discuss requirements and next steps
    • Office 365
      • An email is going out to REACH and IT professionals focusing on a change in personal purchases
    • Chair Meeting Outcomes/Council
      • Chairs of ITGC committees met to discuss HR resolution
      • Discussion of Data Governance Committee recommendation on the need to consider language to differentiate between governance and operations
    • Subcommittees and Bylaws
      • There are a number of listed subcommittees to review, work to be archived
    • ADSM
      • There have been issues with ADSM
      • CrashPlan is a solution for workstations, but not servers
      • CrashPlan licenses are not going out to everyone yet, but units are encouraged to use it when possible, and to pull data off ADSM
      • Goal is to incorporate CrashPlan costs into rate and funding for FY17
    • Virtual Private Network
      • Working on VPN, looking for more user data for what more is needed
    • Unified Communications Roadmap/Consulting
      • The Burwood group is consulting with ACCC on Unified Communications