InfraSec 06.14.17 Minutes

Attending:

Jason Maslanka, Phil Reiter, Matt Miller, Frank Cervone, Sandeep Dath, Kirsten Pielstrom, Ernesto Reyna, Mike Kirda, Ian Huggins, Sandy De Groote, Sarah Ritch, Elizabeth Romero, Allen Randall, Mark Goedert, Marcin Hiolski, Vinay Surpuriya, Therese Molina, Dan Pollack, Ian Huggins, Doug McCarthy, Andre Pavkovic, Lisa Blake, Ateeq Rahman, Daniel Paz-Horta, Kevin Price, Ashok Bennett, Chris Barton, Dean Dang, Michael Toussaint, Ron Fernandez

  • Faculty Activity Profile Tool
    • Infrastructure Framework
      • Noted that there is an effort to select a campus wide profiling tool
      • A committee is looking at various toold and putting together a list opf requirements
      • The committee was asked to look at the RFP and consider what infrastructure would be needed to access the data for the tool
      • Working on a timeline for implementation, and the committee was asked to give regular updates of the review project
      • Discussion on how this tool might interact with the START MyResearch portal as well as funding and RFI
  • Subcommittee Reports
    • Digital Accessibility
      • Had a successful presentation at ITPF
      • Questioning whether UIC needs own version of FAE on campus
      • Looking to create a shared campus
    • Digital Signage
      • Meeting soon to finalize details
      • Goal is to start installing signs at start of fall semester
    • Risk Management/Assessment
      • Submitted final surveys for HIPAA liaisons to review
    • Security Program
      • Making sure the last rollout is completed before rolling out next quarters
    • Regional Sites
      • There were meetings which involved both the Rockford and Peoria campuses
      • There is now a better sense of the teams and tools being used at each campus
    • Web Tech Governance
      • Will be reevaluating whether the search engine optimization still needs to be reviewed
  • Old Business
    • HR Global Degree Requirement
      • Once the next meeting is scheduled, the charge of the HR advisory committee would be the review appeals on Civil Service positions
      • Since the committee is concerned about lack of action, it was suggested to write a letter to the HR advisory committee
      • Discussion of ineffectiveness of actions already taken
  • Shared Services
    • Endpoint Management
      • A list of requirements has been created, still working on report
      • Noted that Urbana is working on an endpoint management plan that may or may not involve UIC
  • Chair’s Report
    • IT Department Level Responsibilities
      • Suggested that the role of department IT has not been defined
      • Discussion on whether to define role or map out current work to determine an ideal state
      • Discussion on importance of defining roles
      • Concerns voiced about AITS functions being merged with Urbana
  • Group Discussion
    • ITGC Recommendations Report Group Exercise
      • Noted that the report includes five recommendations and the committee was asked to break into groups and discuss potential solutions to each
    • Purpose and Mandate
      • Agreed on need to address mandate, leadership, etc.
      • Need new strategic plan
      • Define who makes decisions and where services sit
    • IT Leadership Model
      • Agreed that the split of responsibilities of CIO and ACCC director is important for implementing a strategic vision for IT
    • Re-brand
      • Noted that re-branding is dependent on what comes of other recommendations
      • Discussion on different ways to re-brand ITGC
    • Structure
      • Disagreed with the simplification and suggested that the structure be broader and more representative
    • Communications and Onboarding
      • Noted that consistency is needed in replacing members from leadership
      • Suggested mentorship pairing for new members
      • A governance arrangement matrix was shared
  • Announcements and Updates
    • UIC Web Committee
    • Committee is being reprised and a survey will be sent out asking for requirements
    •  iLeCT
      • The IT MOR Leadership Conference is coming up
    • iOS Workshop
      • An Apple representative will be at UIC to host an upcoming workshop
    •  Email
      • Noted that mail will stop being routed to Tigger and Mailserv and will be routed to Exchange instead
      • Users will be unable to route mail to off-campus mail services
    •  Voicemail
      • Changes will be coming to voicemail
      • The committee will work with the networks director to find the best way to communicate to the end users when the changes are made

InfraSec 05.10.17 Minutes

Attending:

Jason Maslanka, Ian Huggins, Mike Kirda, Ron Fernandez, Miguel Martin, Cynthia Herrera Lindstrom, Frank Cervone, Marcin Hiolski, Kevin Price, Ed Zawacki, Elizabeth Romero, Rehman Ali, Allen Randall, Bala Ramaraju, Lalo Camacho, Kirsten Pielstrom, Russ (CDW), Tony (Cisco), Therese Molina, Doug McCarthy, Ateeq Rahman, Sandeep Dath, Chris Barton, Heather O’Leary, Vinay Surpuriya, Ashok Bennett, Matt Miller, Ernesto Reyna, Sarah Ritch, Mark Goedert, Daniel Paz-Horta

  • Unified Communications
    • Presentation
      • There was a presentation on the Unified Communications plan for UIC
      • Suggested that ACCC worked with CDW to find solutions
      • Discussion of timeline and need for funding
      • Some parts of the plan can be launched immediately and some will take longer
      • Cost of new plan will be integrated into rate and funding as part of the basic bundle
      • Discussion of need to get funding
      • Concern was voiced about buildings not owned by UIC and need for wiring
      • Discussion of need to move off of Centrex and make updates to other systems due to outdated equipment
  • Subcommittee Reports
    • Digital Accessibility
      • Going over top websites for accessibility
      • Also trying to get a server on UIC’s campus for unlimited checks and pages for accessibility
    • Digital Signage
      • Working to put package together and will present when ready
    • Risk Management/Risk Assessment
      • The language for the risk assessments were finalized
      • New HIPAA employee will start this month
    • Security Program
      • New members have joined, working on quarterly rollouts
    • Regional Sites
      • Reps from all regional campuses met last month
      • Working on a site visit to Peoria
      • Noted that ACCC is in conversation to bring Peoria into our infrastructure
    • Web Tech Governance
      • Google Analytics will be made available for tracking websites
      • Discussing issue of search engine silos on campus
  • Old Business
    • HR Global Degree Requirements
      • Memo will be going out soon
    • Shared Services
      • Endpoint Management Requirements Group
        • Met recently to discuss preliminary requirements for a solution for across campus
        • Goal of coming up with and prioritizing most important requirements for the campus
        • Will report back when the list is complete
  • Group Discussion
    • UIC Red; Provost’s Email
      • Noted that Red is now available and there is a directive to use it
      • Concern was voiced on the platform, the rigidity of it, and security
      • There will be a follow up about allowing more flexibility
    • Box Replacing Windows Files Shares
      • Whether or not departments are moving file shares into Box was questioned
      • Noted that OneDrive cannot be used for high risk data
      • Discussion of problems with permissions and off-boarding
      • Discussion on need for management tools
    • Quarterly Maintenance Windows FY18
      • There was a presentation on the maintenance windows for FY18
      • Noted that the January window was moved up to accommodate holidays
    • VPN
      • The network core migration hit a roadblock due to VPN problems
      • ACCC is looking for a commercial solution
      • Discussion of pilot timeline and implementation
  • Announcements and Updates
    • iLeCt Update
      • CEB webinar coming up
      • The group will be presenting at the IT Pro Forum
      • The MOR Leadership Conference is coming up
    • Project Management Training
      • A project management training program through External Campus is being worked on
      • Discussion on whether departments or individuals would pay

InfraSec 04.12.17 Minutes

Attending:

Frank Cervone, Phil Reiter, Lisa Blake, Jason Maslanka, Andre Pavkovic, Doug McCarthy, Mike Kirda, Matt Miller, Vinay Surpuriya, Ron Fernandez, Ian Huggins, Sandeep Dath, Ed Zawacki, Allen Randall, Jelene Crehan, Dean Dang, Ernesto Reyna, Kevin Price, Ashok Bennett, Chris Barton, Dan Pollack, Ilir Zenku, Ateeq Rahman, Lalo Camacho, Heather O’Leary, Daniel Paz-Horta

  • Subcommittee Reports
    • Digital Accessibility
      • Will be presenting at the IT Pro Forum
      • Still looking for a new co-chair
    • Digital Signage
      • Issues have been resolved
      • Working on package for ACCC services page
      • Working to create a per-building directory
    • Risk
      • Performed final review of the survey
    • Security Program
      • Pharmacy has taken over scheduling of quarterly meeting
      • Will resume meetings of UISOs
      • Looking for more members from the East Campus
      • Will be looking at UIC policy on policies website
      • Discussion of member expectations
    • Regional Sites
      • Have set a permanent, recurring meeting time
    • Web Tech Governance
      • Continuing projects set in February
  • New Business
    • HR Global Requirement
      • A memo was written to send to HR regarding degree requirements
      • Discussion of how to allow for H-1B visas if the degree requirement is removed and other consequences of changing requirements
      • Motion to approve the memo was approved
  • Old Business
    • Risk Management/Risk Assessment Proposals
      • The council has approved the proposals to go forward to the Provost, as well as ACCC, and HIPAA budget requests
    • Unified Communication
      • A presentation from Cisco to go over plan and costs is being planned for May
    • Shared Services
      • Endpoint Management
        • A requirements group and a technical design group were formed
        • Noted that as the group considers shared services, they should communicate with others at UIC and in Urbana to find solutions
        • Discussion on how new shared services would be governed
      • IT Investment Proposal Portfolio
        • Need to create a portfolio of future ideas for the shared services framework
  • Chair’s Reports
    • BAA for Box
      • The Box quota will be increased to unlimited storage on April 24th
      • The BAA for HIPAA compliance is still under negotiation
  • Group Discussion
    • Website Outage Tools
      • Engineering has VMs for WordPress sites
      • Discussion of services and fees
    • Public Wi-Fi
      • Dentistry would like to have public Wi-Fi for patients
      • Discussion on what a public Wi-Fi service would look like
      • Noted that there is risk involved with opening a network on campus
      • Discussion of Wi-Fi needs, potential funding options, and possible support issues
  • Announcements and Updates
    • iLeCT
      • Noted that iLeCT had a strengths finder workshop
      • It was requested that the group hold some events on the East side
      • Working with HR on professional development and a potential badging program
      • Noted that there will be a series of webinars from CEB coming up

InfraSec 03.08.17 Minutes

Attending:

Ernesto Reyna, Shannon Reden, Mat Willis, Dan Pollack, Miguel Martin, Lisa Blake, Jason Maslanka, Andre Pavkovic, Phil Reiter, Matt Miller, Doug McCarthy, Dan Paz-Horta, Ateeq Rahman, Vinay Surpuriya, Allen Randall, Barry White, Therese Molina, Dean Dang, Mike Kirda, Bala Ramaraju, Elizabeth Romero, Mark Goedert, Gene Fruit, Kirsten Pielstrom, Kevin Price, Marcin Hiolski, Chris Barton, Heather Ross, Ron Puskarits

  • Group Discussion
    • IT Job Families
      • An overview of the iLeCT leadership group and the importance of the job families and how they relate to IT was given
      • A potential badging program for professional development was mentioned
      • The new job model was presented on
      • Concern was voiced about the requirements for advancement
      • Discussion on the different avenues for advancement
      • Discussion of STEM disciplines and others to include in the educational requirement
      • Noted that the model could be adjusted later
      • Stated that an extended discussion of the job model would be had at a later date
      • Feedback will be reported back to HR
  • Subcommittee Reports
    • Digital Accessibility
      • Mentioned that they are continuing their efforts to test for accessibility on more public campus areas
      • Noted that they are investigating the accessibility of Red.uic.edu
    • Digital Signage
      • Nothing new to report
    • Risk Management/Assessment
      • Mentioned that members were assigned to review the final version of the Risk Assessment survey
      • Expected to be completed by the end of March
      • Mentioned that there are separate surveys being distributed across multiple groups
      • Surveys should be completed by the next meeting
    • Security Program
      • Noted that there is a request for more representation from different operational areas
    • Regional Sites
      • Discussion on the uses of the student tech fee
    • Web Tech Governance
      • The subcommittee is tackling three major subjects right now: having Google analytics across campus, evaluating how websites are handling their search engines, and readdressing the need to use redirects on the websites
  • Old Business
    • HR Resolutions/IT Classification Advisory Board
      • The kickoff meeting was noted as well as what was discussed and what the board’s responsibilities are
      • Discussion on the job model and how progression is/can be handled
      • Discussion on whether the board will be engaged directly or if employees will have to go through HR
      • Discussion on the role of HR in the process of advancement as well as the classification of positions
    • Risk Management/Risk Assessment Proposals
      • Whether or not the proposals should be redirected for review was questioned
      • Discussion on the review process and its timeline
    • Unified Communications
      • A brief background on ACCC’s goal for unified communications
      • Discussion on a recommendation for the solid call platform
      • Mentioned that the focus is on the cost overlap and the rate
      • How the system would work across all three campuses was briefly explained
  • Chair’s Reports
    • Shared Services Framework
      • The Shared Services presentation was gone over as well as the best path through the framework
      • Mentioned that feedback and working group participation would be beneficial
      • What the shared services are and are not were defined
      • Noted that there are three groups: Service Design Leadership, Service Design Technical Group, and Build and Operational
      • Discussion on the presentation and the functions, funding, and operations
  • Group Discussion
    • Public Wi-Fi
      • Mentioned that there have been years of questioning and requesting public access to Wi-Fi
      • Suggested that there should be a service for public access to Wi-Fi
      • Discussion on importance, possible sources of funding, and impact
    • Ad Astra
      • Mentioned an email discussing Ad Astra in colleges sent out after the last meeting
      • Short discussion on the rollout, possible need for adjustments, and role on campus
      • There will be a follow up brought back to the committee for further discussion
  • Project and Service Updates
    • ACCC Project Updates
      • Announced that Outlook’s storage capacity has increased from 50GBs to 100GBs
      • Mentioned that the countdown for the completed Exchange project is being mapped out
      • A document was mentioned which describes the many different mail routes
      • Short discussion on the document as well as how Exchange will affect the various units
    • ITGC Review
      • Mentioned that the final report was delivered
    • DUO for Banner
      • A presentation on why Two-Factor Authentication and Banner are important and beneficial to the university was given
      • Noted that the audit is due April 1st
      • Discussion on DUO and its potential uses

InfraSec 02.08.17 Minutes

Attending:

Ed Zawacki, Lalo Camacho, Mike Kirda, Andre Pavkovic, Frank Cervone, Phil Reiter, Mark Goedert, Kevin Price, Matt Miller, Bala Ramaraju, Marcin Hiolski, Ateeq Rahman, Vinay Surpuriya, Therese Molina, Chris Barton, Gene Fruit, Heather O’Leary, Ashok Benet, Ilir Zenku, Jelene Crehan, Ernesto Reyna, Sandeep Dath, Chris Berndt

  • Subcommittee Reports
    • Digital Accessibility
      • Had first meeting of the year
      • Looking at evaluating different websites for accessibility
      • Noted that the group will work on a process for anyone who needs live captioning
    • Risk Management/Risk Assessment
      • New survey content was created and will be put into Qualtrics
    • Security Program
      • Working to reorganize meetings
      • Looking for new members
    • Regional Sites
      • ACCC visited Rockford
      • Follow up meeting topics included services provided to Rockford, potential shared services, sharing resources, and more
  • Old Business
    • IT Classification Advisory Board
      • Will be meeting soon, updates at next meeting
    • Burwood Report
      • Met with CDW
      • A meeting has been scheduled with ACCC to review the rest of the documents
  • Chair’s Report
    • IT Governance Council Recap
      • ITGC discussed FY18 proposals
      • There was a discussion at the council meeting on how to present proposals to the Provost
      • Suggested to create a document including all IT budget requests to allow the Provost to consider all needs at once
      • Each request will be categorized as critical infrastructure, service improvements, or new initiatives
      • The final document will be shared with the ITGC committee once complete
      • Discussion of ITGC reporting structure with some concerns about VCHA
      • Noted that once the VCAA receives the proposals, they would be shared with the VCHA
      • Noted that HIPAA requests are at the system level
  • Project and Service Updates
    • ACCC Project Updates
      • An update on the Exchange Online project was given
      • Need to complete by December 2017
    • Box Limits
      • Current limit is 50gb
      • Working on new contract with Box for unlimited storage
    • Ad Astra
      • Suggested that the people running Ad Astra would be coming to an upcoming meeting to present on the service
    • Symantec
      • Noted that the pilot has begun on a Symantec server with Nursing and VCAS
  • Announcements and Updates
    • New IT Auditor
      • A new IT auditor will be starting at the end of February
    • iLeCT Update
      • Have been meeting biweekly
      • Noted that there are a few upcoming events
      • Have met with HR to get more training to IT staff on campus
      • Some discussion on the IT job family model
      • HR will be presenting to the InfraSec committee in March
      • iLeCT will have an event to discuss the model with all IT staff
      • Eventually, a badging program could be mapped to the job families
    • Shared Project Management
      • Have had informal meetings to discuss how IT can be more efficient
      • Looking at the IT project management process
      • Looking to improve uniformity and sharing of project management resources
    • Shared Services – Endpoint
      • Followed up with UIUC on Big Fix and SCCM
      • Need to consider existing frameworks when looking at how to create shared services
      • UIUC will follow up with ACCC
      • Noted a need for further discussion in ITGC and ACCC
    • uic.edu
      • New UIC website platform is now available
    • AITS Services
      • There was an internal review followed by an external review of AITS and services offered
      • There will be a restructuring of AITS
      • Suggested that the universities might create a framework for sharing support
      • Noted that one service being restructured is information security
      • Suggested that whatever shared services is created must be fair and helpful to all universities
      • Discussion of how shared services should be created
  • Small Group Discussions
    • Intro/Breakouts
      • The committee broke into small groups to discuss Endpoint management, Data Security & Storage/Systems for High Risk Data, Servers & Storage, and Shared Services Framework
      • Discussion on how shared services could fit into the IT governance model
    • Report Back
      • Each small group reported back with their ideas
    • Final Discussion
      • Noted that there will be work done to bring a shared service model to UIC
      • Suggested a small group be put together to oversee the process
      • Discussion of Power Plant, their framework, and how to collaborate going forward

InfraSec 01.11.17 Minutes

Attending:

Gene Fruit, Lisa Blake, Jason Maslanka, Sandeep Dath, Marcin Hiolski, Chris Barton, Kevin Price, Frank Cervone, Mark Goedert, Jelene Crehan, Janet Shaw, Ian Huggins, Mike Kirda, Bala Ramaraju, Vinay Surpuriya, Jackie Kern, Doug McCarthy, Allen Randall, Lalo Camacho, Matt Miller, Heather O’Leary, Josh Naylor, Ernesto Reyna, Ashok Bennet, Ron Fernandez, Phil Reiter, Dan Pollack, Therese Molina

  • Discussion Topics
    • UIUC Shared Services
      • Power Planted started in May 2015 with goals of making IT as ubiquitous as electricity
      • Started by focusing on a few main services, then put together a high level requirements gathering team, then the solutions team took over
      • The process for considering how to meet user needs and coming up with realistic solutions was outlined
      • A Power Plant Advisory Group is heading the effort on reaching out to users and working with IT Governance to make decisions and keep everyone informed
      • The status of a few services they are working on were gone over
      • Discussion on process for finding best solutions and occasional outsourcing
      • Further discussion of funding models, noting that each service is different
      • Questioned whether the Power Plant is working with UIC and UIS to consider services shared between campuses
      • Noted that they are working to hire project managers to engage more with other campuses
      • Concern expressed about services in Urbana
      • Concern also raised about governance in Urbana not getting enough input from users at UIC
      • Suggested that there needs to be a discussion about end goals of services
      • Suggested having regular communication between campuses as new services are developed
    • UI IT LT Share Services Governance
      • A presentation on the Shared Services Governance Group was given
      • Noted that this group focuses on services shared across the university system while Power Plant focuses just on UIUC
      • The charge of the group, who is involved, and how they make decisions on services were also gone over
      • The tasks the group has done as well as how to go about creating an operational level agreement was outlined
      • The shared services website and current services offered were also gone over
    • Shared Services Discussion
      • Discussion of how to better work on creating shared services and reducing replication
      • Further discussion of how shared services are needed in this budget climate
      • Suggested that it is acceptable to have another campus/unit run a service, so long as there is some guarantee of reliable service and ongoing communication
      • Suggested that there are three models: units host their own services, a well-funded central unit supplies services, and shared governance maintains a balance between the first two
      • Suggested that governance is currently ineffective
      • Suggested that the committee should be involved in creating a vision for IT services
  • Subcommittee Reports
    • Digital Accessibility
      • Working on the giving.uic.edu page to improve accessibility
    • Risk
      • A risk cycle is coming up, an assessment survey will be sent out to campus
    • Security
      • Fifth quarter roll out will be coming soon, delay in original timeline
    • Regional Sites
      • Did not meet last month, Rockford will be hosting ACCC on January 27
  • Old Business
    • HR
      • No further updates
    • Burwood Report
      • WTC will send their documents with initial numbers for review
      • A draft report from CDW was received, waiting on the final
      • There will eventually be a guiding document on how to go forward with unified communications
  • Project/Service Updates
    • ACCC Updates
      • Exchange kickoff meetings with every unit have been being scheduled
      • A plan of action for once all migrations are completed is being worked on
      • Committee was asked how holdouts should be handled
      • Suggested cutting off services to those who do not migrate
    • VPN
      • There is a current project to find a commercial VPN solution
  • Chair Report
    • uic.edu
      • The new WordPress website platform is still not functional, should be available in January
  • 2017 Challenges and Goals
    • Discussion
      • Committee was asked to consider their current challenges and goals for units
      • A report from ACCC about what services are coming in the next 18 months was asked for
      • Committee members shared goals and challenges
      • Discussion on how to better share services between units and when to go ahead with an internal solution
      • Noted that there is a need to move decisions forward more quickly
      • Suggested that the ITGC should set timelines on specific services for decisions to be made
      • Further discussion of priorities set by InfraSec and how to get them addressed and funded
      • Noted that the ITGC assessment process is almost complete
      • A report of recommendations will come out and will be shared with the Provost and Chancellor, they will decide how to move forward
      • Suggested that there should be a greater effort on created shared services

InfraSec 11.07.16 Minutes

Attending:

Marcin Hiolski, Miguel Martin, Lisa Blake, Jason Maslanka, Kevin Shalla, Ed Zawacki, Chris Barton, Andre Pavkovic, Mike Kirda, Barry White, Lalo Camacho, Allen Randall, Mark Goedert, Vinay Surpuriya, Doug McCarthy, Ron Fernandez, Mat Willis, Ernesto Reyna, Frank Cervone, Phil Reiter, Bala Ramaraju, Matt Miller, Shannon Redden, Dan Pollack, Therese Molina, Josh Naylor, Kevin Price, Gene Fruit

  • Subcommittee Records
    • Digital Accessibility
      • Met with UI Health website people, had a positive response
      • Suggested that groups can request an assessment
    • Digital Signage
      • Waiting on Industry Weapons for a problem with maps
    • Risk Management/Risk Assessment
      • Met to compose a letter to the provost requesting responses on past proposals
      • Looking to elect new chair
      • Will be sending out surveys soon to help address risk assessment
    • IT Security Program
      • Noted that while there are issues to be addressed, the subcommittee is working on linking guidelines to the program
    • Regional Sites
      • Discussed which services are available to regional sites
      • ACCC directors visited Peoria and it was suggested that visiting Rockford would also be helpful
      • Suggested to bring broader group of people
    • Web Tech Governance
      • Will be building website
      • Working on data sharing to provide content templates
  • New Business
    • Patch Management
      • Noted that there was a meeting to address concerns about BigFix as a supported service from Urbana
      • Concern was voiced about BigFix being discontinued without comment from ITGC
      • Possible patch management solutions were gone over
      • Concern expressed about UIC and Urbana not collaborating enough
      • Suggested that without a formal structure, it is difficult to ensure that shared services are maintained
      • Discussion on how to improve collaboration and communication between campuses
      • Further discussion on the discontinuation of BigFix and decisions leading up to it
      • Further discussion on relations between campuses as well as a need for documentation and accountability for service
  • Old Business
    • Risk Assessment Letter to Provost
      • A letter written to the provost requesting a revisit to the proposals submitted last year and a formal response was reviewed
      • Motion to approve the letter to be sent to the Council
      • Motion approved, no opposition voiced
      • Committee reviewed the risk assessment status addendum
    • Burwood Report
      • Feedback on the report as well as concerns about how UIC is collaborating with other campuses was provided
      • More information on pricing between Lync and Cisco was requested
      • Suggested that CDW will be providing a report on which would be better for UIC
      • Discussion on other options, costs, and support staff issues
      • Suggested that more information was needed, but a decision must be made soon
  • Project and Service Updates
    • ACCC Project Updates
      • Exchange Online is moving forward and updates can be found in the report
  • Chair’s Reports
    • Provost & Admin Rights
      • Discussion on reactions to the Provost’s announcement on admin rights
      • Discussion Topics and Announcements
    • Opsview
      • Questioned whether there is an interest on campus for Opsview to monitor servers
    • LeCT
      • Planning committee will be meeting more frequently
      • An HR event is being planned
      • A badging program is under construction
    • Security Training Lunch ‘n’ Learns
      • Suggested having events on security training which may be recorded and shared online
    • HRFE Access Blocked at AITS Firewall
      • Presentation was given on changes to HR Front End to mitigate risk
    • Duo Licensing
      • An update on Duo was shared
      • Discussion of Box and related policy concerns

InfraSec 10.12.16 Minutes

Attending:

Jason Maslanka, Allen Randall, Cynthia Herrera Lindstrom, Kevin Shalla, Ed Zawacki, Frank Cervone, Elizabeth Romero, Andre Pavkovic, Mike Kirda, Marcin Hiolski, Mat Willis, Mark Goedert, Matt Miller, Kevin Price, Vinay Surpuriya, Chris Barton, Lisa Blake, Heather O’Leary, Phil Reiter, Sandeep Dath, Sarah Ritch, Shannon Redden, Ashok Bennett, Ron Fernandez, Therese Molina, Josh Naylor, Dan Pollack, Ilir Zenku, Doug McCarthy, Lalo Camacho,

  • Subcommittee Reports
    • Digital Accessibility
      • High profile evaluation of websites helping to improve accessibility issues
      • Created a subcommittee to work on this
    • Digital Signage
      • Still struggling with Industry Weapon and mapping
    • Risk Assessment
      • Presentation given on state of risk assessment
      • Went over achievements, importance, and future goals
      • Named next steps
      • An HR focused draft of a survey was shown, naming concerns and need to push forward
      • Need for continued follow-up on 2015 Risk Recommendations proposals
      • Discussion of recommendations and status of implementation
      • Noted that there are three priorities the group is focused on
      • Discussion of funding issues
      • Discussion of Nessa’s meeting campus needs
      • Concern expressed about work done on this topic
      • A summarized update was asked for to send to the Provost
      • Suggested that the risk is understood, but the lack of funding is an issue
      • Suggested to create a document to send to Council, Provost, and VCHA
      • Suggested that a possible solution would be to ask HSCs to provide funding for costs of risk assessment
      • The subcommittee was asked to create a document emphasizing work to be done to send to upper administration voicing concern of UIC IT community
    • Security Program
      • Fourth quarter rollout happened at UISOs met yesterday, annual report almost complete
      • Concern expressed about new Qualtrics dashboard and other issues
    • Regional Sites
      • Will have first meeting next week and report to next meeting
  • New Business
    • ACCC Service Level Agreements
      • Presentation on ACCC SLAs given
      • How to work with ITGC to establish SMART SLAs and set expectations was questioned
      • Since currents SLAs were set by service managers, feedback from the InfraSec committee was requested
      • Committee was asked to review the SLAs and send feedback
      • Measuring service performance was questioned
  • Old Business
    • Web Governance Subcommittee
      • First meeting scheduled, will report to InfraSec committee at the next meeting
    • HR Resolutions
      • No new information, Appeals Board delayed
    • Burwood Report
      • Suggested that a revised report has been prepared
      • Burwood rescanned the environment and updated the report
      • Suggested that the report outlines various options
      • Suggested that there will be an update on the strategic plan
      • CDW will be providing a comparative report on the options
  • Projects and Services
    • ACCC Projects
      • Exchange Online is moving along
      • Meetings with units being arranged
      • An overview was given
    • DUO Miltifactor Update and NESSIE
      • Presentation on DUO was given
      • Discussion of communication plan for November 10 deadline
    • Box BAA
      • Contract still being worked on
      • Discussion on a projected goal for completion
  • Chair’s Reports
    • Information Privacy & Security Committee
      • Noted that HIPAA training almost complete, some modifications being addressed
      • Units must submit a survey to determine whether they are under covered entity
    • ITGC Workshop
      • Suggested that workshop was insightful and participants were honest
      • Noted that some faculty members who were not in the ITGC provided different prospective
      • Report will be created by December
  • Discussion Topics & Announcements
    • De-provisioning Disabled Accounts
      • Presentation was given on disabling inactive accounts
      • Discussion of alternative options
    • IPHEC Cloud Projects
      • Suggested that the committee needs to look at details of the contract
      • Suggested to create a discussion group to look at business needs
    • Urbana AWS
      • Noted that Pharmacy had contacted Urbana about a contract issue and has not heard back
      • Urbana will be reached out to in order to see if UIC could be added to contract
    • Security Training Alternatives, “self-phishing”
      • Suggested that there are tools available to train people on how to avoid phishing
    • BCP/DR Educause Presentation
      • Suggested that a number of UIC people attended an Educause webinar on disaster recovery
    • UA Review
      • Suggested that a group had been put together to look at AITS, services provided, and possible improvements
      • Discussion of what final report might include
    • Academic Medical Center IT Forum
      • Members of the committee attended a forum which went over concerns for health-related schools in the Midwest
      • Other members of the committee were encouraged to join

InfraSec 09.09.16 Minutes

Attending:

Jason Maslanka, Dean Dang, Matt Miller, Mike Lamdagan, Sandeep Dath, Lalo Camacho, Chris Barton, Bala Ramaraju, Mark Goedert, Mike Kirda, Frank Cervone, Ed Zawacki, Janet Shaw, Allen Randall, Ernesto Reyna, Lisa Blake, Miguel Martin, Kevin Price, Shannon Reden, Therese Molina, Ron Fernandez, Kevin Shalla, Vinay Surpuriya, Andre Pavkovic, Barry White, Doug McCarthy, Ian Huggins, Sarah Ritch, Cynthia Herrera Lindstrom

  • Subcommittee Records
    • Digital Accessibility
      • First meeting of the year was held
      • Many improvements have been made including automated assessments on UIC websites
    • Risk
      • Working on risk assessment survey
    • Security Program
      • Revising incident response process
      • 4th quarter rollout has been posted and an email announcement will be sent out
    • Digital Signage
      • Currently testing the interactive touch signage
      • The goal is to bring to buildings all over campus
  • New Business
    • IPHEC Cloud Computing Services RFP
      • The RFP was awarded to SHI and there was a presentation on the selection process
      • Discussion of VPAT to prove accessibility
      • Discussion of SHI contract
      • Discussion of other existing contracts and possible issues
    • One ID, One Password
      • A presentation was given, noting that this service is going live in October
      • Discussion of timeline and specific parts of the project
      • Discussion of campus communication plan
      • The new process for new hires was gone over
      • Noted that support information was included in presentation
    • RAVE Guardian to Campus
      • A presentation was given on the RAVE Guardian Campus Safety App
  • Old Business
    • Web Governance Subcommittee
      • Officially a subcommittee
    • HR Resolutions
      • Invitations went out for people to participate
      • Survey under review and will go out
    • Risk Management/Risk Assessment Proposals
      • Suggested that there had been a meeting to discuss request for two FTEs to support HIPAA
      • Brought to university leadership
    • Burwood Report
      • Burwood came to campus to review the final document
      • Some data needs to be updated due to shifts in the industry
      • There was a meeting with CDW and they will look at our current infrastructure and do a cost analysis
      • Discussion of what is included in proposal
  • Projects and Services
    • ACCC Projects
      • Standing projects were gone over
    • Exchange Online, Related Audit
      • The audit document and recommendations were presented
      • Discussion of transition concerns and existing mail options/servers
      • There was a meeting with Microsoft support to discuss issues that need to be fixed in order to move forward
      • Discussion of unit needs for transition
      • A session for Q&A will be held
      • There will be communication to the campus about the move
      • There was a request for a deadline for Oracle Calendar
    • Project ACCC0067 – Streaming Media Strategy
      • Being run out of the ITGC Education committee to clean up all streaming services
    • Duo
      • A presentation was given on Duo
      • Discussion of implementation and related concerns
  • Discussion Topics
    • HIPAA Data Sharing Between Colleges/IT Infrastructures
      • A request was made on instruction on how to share HIPAA data between colleges/outside while still maintaining compliant
      • Discussion of the UIC Security Program
      • Suggested a meeting be set for further discussion
    • Password Change Notification from ACCC
      • Concern was voiced about password change notifications
      • Suggested that the password change process and related issues be documented and shared

InfraSec 07.20.16 Minutes

Attending:

Kevin Shalla, Chris Barton, Julio Chavarria, Ed Zawacki, Allen Randall, Brian Ng, Ashok Bennett, Frank Cervone, Cynthia Herrera Lindstrom, Vinay Surpuriya, Jason Maslanka, Therese Molina, Ernesto Reyna, Bala Ramaraju, Kevin Price, Marcin Hiolski, Andre Pavkovic, Josh Naylor, Phil Reiter, Matt Miller, Lisa Blake, Heather O’Leary, Dean Dang, Ron Fernandez, Mark Goedert

  • Subcommittee Reports
    • Digital Accessibility
      • Meeting in August to discuss important topics
    • Risk Assessment
      • Looking at survey to send out for risk assessment
      • Working to realign risk assessment business goals
    • Security
      • Next quarter rollout and annual report are ready
      • Flowcharts created for incident response
      • Discussion of timeline
      • Discusison of scheduling and sharing trainings across campus
      • Concern voiced about high-level campus buy-in
      • Discussion of making training mandatory and consequences for those who do not comply
      • Further discussion of scheduling trainings and need for centralization
    • Digital Signage
      • New product almost ready
  • New Business
    • Contracts
      • Noted that UofI IT consulting partner contracts have not been renewed
      • Staffing portion of the contract mentioned
    • Two-Factor Authentication
      • Presentation on two factor authentication was given
      • Suggested solution for attacks on direct deposit was given a demonstration
  • Old Business
    • Web Governance Subcommittee
      • First meeting was held and will be reporting back to InfraSec
    • HR Resolutions
      • Appeals board formed and will begin hearing appeals for misclassifications
  • Projects and Services
    • ACCC Updates
      • ACCC updates were shared
      • Discussion of Exchange Online
      • Further discussion of various projects and statuses
      • Discussion of CrashPlan BAA and HIPAA concerns
      • Working to get the BAA signed as soon as possible
  • Chair’s Reports
    • Committee in state of transition, need to work to find direction
    • ITGC assessment in process
  • Discussion Topics
    • ITGC Assessment Update
      • Noted that a survey had been sent out to ask for feedback on ITGC process
      • Focus groups will be held in the fall for further feedback and how to best improve ITGC
      • Discussion of importance of IT governance and need for improvement
    • VM Price Increase
      • Noted that VM pricing for CUPPA has doubled, making it harder to afford
      • ACCC staffing issues were questioned
      • Noted that services will be supported and the staffing issue is being worked on
    • LeCT
      • Noted that the IT leadership group is looking to expand
      • Discussion on how to encourage people to get involved
    • Exchange Online License
      • Suggested that the license expired but they have reapplied for it
      • Discussion of licensing for Exchange mailboxes
    • InfraGard & CyberHealth
      • What each group is and are helpful with was mentioned
      • Information will be forwarded to listserv