InfraSec 05.11.16 Minutes

Attending:

Chris Barton, Jason Maslanka, Sandeep Dath, Marcin Hiolski, Ed Zawacki, Elizabeth Romero, Allen Randall, Frank Cervone, Mark Goedert, Ilir Zenku, Sarah Ritch, Mike Lund, Miguel Martin, Lisa Blake, Doug McCarthy, Brian Ng, Sandra Robinson, Kevin Shalla, Janet Shaw, Mike Kirda, Bala Ramaraju, Josh Naylor, Phil Reiter, Vinay Surpuriya, Dean Dang, Therese Molina, Heather O’Leary

  • Subcommittee Reports
    • Digital Accessibility
      • Working to improve accessibility of new uillinois.edu website
      • Continuing to work with athletics website vendor
    • Risk Management/Assessment
      • Discussed risk management aligned with business, bring in HIPAA liaisons
      • Discussed 2016 assessment in the form of a survey
      • Status report to Audits nearly complete
      • Waiting for update from Council on submitted action
    • Security Program
      • Annual report is ready
      • Creating flowchart diagrams for incident response procedure
    • Digital Signage
      • Package should be ready for installation by Fall
  • New Business
    • Web Governance Subcommittee
      • Proposed to create a new subcommittee under InfraSec to look at technical aspect of web and governance thereof
      • A draft charter was shared
      • Discussion of charter, incentives, and consequences
      • Discussion of need for this subcommittee
      • Motion to approve creation of this committee, with the exception of striking section four, was passed
  • Old Business
    • HR Resolutions
      • A procedure will be created to handle HR disputes
    • Risk Management/Assessment
      • Noted that the ITGC proposals went out to the Provost, but no updates have been shared
      • Official feedback on the proposals was requested
    • Burwood Report
      • Cisco and Microsoft are still being considered
      • Discussion on Cisco upgrade
  • Project and Service Updates
    • ACCC Reports Site
      • Noted that the site is publicly available to the university
    • Multifactor Authentication
      • There was a presentation on why multifactor authentication is beneficial and how it could be implemented
      • Discussion on possible uses of Duo Safety
    • Rate and Funding
      • Noted that rate and funding is moving forward
      • Basic format of the plan was gone over
      • ACCC will meet with each unit to discuss rates
      • Discussion of inability of units to cut costs once plan is made
      • There will be an advisory board to annually review and make changes
    • Exchange Online
      • An update of the Exchange Online implementation plan was given
      • Discussion of encryption and other aspects of Exchange
    • CrashPlan
      • Two major risks were discussed
      • Discussion on concerns about availability and funding
  • Unit Spotlights
    • ACCC
      • A presentation on the ACCC org structure and services was given
    • AES
      • Review of the services AES offers, upcoming changes, and recent projects
  • Discussion Topics
    • Meeting Time/Day Change
      • Discussion on possibly changing meeting time to a more accommodating one
    • HIPAA Compliant Server Backup
      • Suggested that servers obtain something that is like CrashPlan
      • Suggested that a proposal be written up and brought back to the committee for an official vote
      • Discussed other possibilities for backup, HIPAA concerns, and associated risks
    • IT Leadership
      • Members were reminded to sign up for MOR Leadership conference
    • IAM
      • Noted that IAM implementation for UIC will be coming in October
  • Announcements
    • Central Symantec Endpoint Server
      • New pilot server is being worked on in AHS

InfraSec 03.09.16 Minutes

Attending:

Julio Chavarria, Miguel Martin, Jason Maslanka, Sandeep Dath, Chris Barton, Ed Zawacki, Marcin Hiolski, Kevin Price, Mike Kirda, Doug McCarthy, Mark Goedert, Cynthia Herrera Lindstrom, Brian Ng, Mike Lund, Sandy Robinson, Andre Pavkovic, Allen Randall, Marc Carlton, Josh Naylor, Therese Molina, Kevin Shalla, Dean Dang, Matt Miller, Chris Hollenbeck, Ernesto Reyna, Ashok Benet, Dan Pollack, Phil Reiter, Heather O’Leary

  • Subcommittee Reports
    • Digital Accessibility
      • Working on improving UIC athletic site for accessibility
      • Working to improve site accessibility design process
    • Risk Management/Assessment
      • Currently working on status update which should be available at April meeting
      • Also looking at the next cycle for risk assessment
      • Attempting to, with the help of ACCC, develop a survey to deploy in the next cycle for risk assessment
      • Also working with Dell and Secureworks for POC on vulnerability scanning
    • Security Program
      • The UISO annual report is almost complete, will be conducted using Qualtrics
    • Regional Sites
      • The subcommittee had difficulty finding appropriate membership
      • It was asked that the subcommittee provide a list of priority items to bring back to the committee
    • Digital Signage
      • Looking at new packages
  • New Business
    • Service Request Form | TechStarter
      • A presentation was given on a subcommittee from the Education committee to work on creating a form for people on campus to submit requests for new instructional technology services and the feedback they have received
      • It was proposed that, rather than just using this for Educational technology, it be expanded to the other governance groups
      • Committee discussed the potential of the form, how funding would work, etc
      • There were concerns that proposals may come to governance before colleges are on board with the idea
      • It was suggested to have a website where ideas submitted are presented to the public
      • Discussion of how to prioritize items that come in from the form and compare to existing governance priorities
      • It was suggested that there might eventually be a social component, where people on campus can vote for ideas to help prioritize
  • Old Business
    • HR Resolutions
      • There was a request submitted to the provost and Mark Donavan to set up an appeals committee
    • Burwood Report
      • A summary of the report has been compiled
      • A comparison chart of different unified communication platforms was gone over
      • Discussion of how best to move forward on this initiative
  • Unit Spotlights
    • BPI
      • A presentation was shared on the business process improvement services which outlined the type of work they do and projects that BPI has helped with at UIC
      • The group also does trainings such as lean concepts and facilitation skills and is working on a long-term facilitator training program
    • Pharmacy
      • College demographics, rankings, etc. were described
      • The IT structure in the college was also described with notes to their teaching and learning center, and some other initiatives
  • Discussion Topics
    • ITLW
      • It was noted that Urbana is putting together its IT Leadership Workshops for summer and fall and members were encouraged to nominate people
    • SCCM Staffing in ACCC
      • It was noted that a search had been done, but failed due to there being some problems with the HR hiring process and degree requirements
      • A new search is being opened
      • Committee then discussed HR degree requirements and possible changes that can be made
  • Project and Service Updates
    • SCCM Status
      • It was suggested that further review was needed on the process of sharing services with AITS
      • It was suggested that there are a number of technical things that would have to change to allow for off campus use of SCCM
  • Announcements
    • ACCC Maintenance Weekend | March 19-20
      • Basic email will be down at one point over the weekend, communications will be sent
    • HIPAA Policies
      • It was noted that a draft of the HIPAA policies has been completed and will go out to legal counsel shortly, and would then be shared for feedback
      • Security portion is based on the UIC security program
      • Policies should be in place by mid-May
    • Rate and Funding
      • Meeting with leadership soon for approval, will then be presented to the committee
      • CrashPlan has been included in the request

InfraSec 02.10.16 Minutes

Attending:

Jason Maslanka, Ernesto Reyna (on the phone), Cynthia Herrera Lindstrom, Elizabeth Romero, Lisa Blake, Frank Cervone, Marcin Hiolski, Phil Reiter, Mark Goedert, Allen Randall, Mike Lund, Vinay Surpuriya, Mike Kirda, Bala Ramaraju, Ed Zawacki, Kevin Price, Sarah Ritch, Sandra Robinson, Kevin Shalla, Chris Barton, Sandeep Dath, Brian Ng, Therese Molina (on the phone), Miguel Martin (on the phone), Andre Pavkovic (on the phone), Josh Naylor (on the phone)

  • Subcommittee Reports
    • Digital Accessibility
      • Vendor has been chosen for athletic website
      • Accessibility improvements will be the goal of the new year
    • Risk Management/Risk Assessment
      • Developing status reports to display where each individual college unit is
      • Working with vendors to discuss vulnerability assessment
    • Security Program
      • Working on UISO annual report
  • New Business
    • Telecommunications Standards
      • Discussion on networking issues
  • Old Business
    • HR Resolutions
      • A document was sent from HR for the committee to go over
      • IT Director responsibilities were discussed
      • An advisory committee is being formed
      • A letter to chancellor is being drafted for approval on committee members
    • Web Governance
      • Awaiting a charter to be presented
  • Unit Spotlights
    • SPH
      • Noted that UIC’s SPH is the only accredited school in that field in Illinois, making it the largest
      • Different kinds of IT within the school were mentioned
      • IT goals within SCH were described
    • Office of the Vice Chancellor for Administrative Services
      • Description of what this unit does and all of the services provided by it
    • Office of the Vice Chancellor for Student Affairs/Campus Auxiliary Services
      • Explanation of what this unit oversees
      • Three branches of this unit and what each handles were described
  • Discussion Topics
    • Pharos Beacon Issues
      • Pharos issues were discussed
      • Stated that all issues were currently being worked toward resolution
    • Laserfiche Document Management/Workflow System
      • Stated that document management/workflow systems are on campus and functional but not operational
      • Systems should be operational within the next month
      • Discussion on these systems

InfraSec 01.13.16 Minutes

Attending:

Sandy Robinson, Jason Maslanka, Lisa Blake, Kevin Shalla, Frank Cervone, Andre Pavkovic, Phil Reiter, Kevin Price, Ron Fernandez, Ilir Zenku, Cynthia Herrera Lindstrom, Miguel Martin, Allen Randall, Mike Kirda, Dean Dang, Bala Ramaraju, Vinay Surpuriya, Mark Goedert, Therese Molina, Josh Naylor, Marcin Hiolski, Ed Zawacki, Sandeep Dath, Chris Barton, Kelly Block, Ernesto Reyna, Ashok Bennet, Dan Pollack, Brian Ng, Lalo Camacho, Dale Morrison, Heather O’Leary

  • Subcommittees
    • Accessibility
      • Working with vendors on accessibility issues for athletics and others
    • Risk
      • Working on updating unit status, ACCC/AITS update to risk assessment, and proposals
    • Security
      • Timeline is being pushed back due to delays
    • Digital Signage
      • Group’s relevance was questioned
      • Group’s goals were discussed
  • New Business
    • Web Governance
      • Due to concern about governing UIC’s new webpages, a new group will be set up to create a charter
      • New charter will be brought to existing group for discussion
    • Burwood Report
      • Burwood report was discussed
      • Update will be in March
  • Old Business
    • HR Resolutions
      • A more detailed response to the resolutions was requested
      • An advisory group that includes an ITGC representative will be created to work with HR
      • Discussion on representative
    • Risk Management/Assessment Proposals
      • Proposals were approved by the council and will be sent to the provost
  • Chair’s Report
    • IT Governance Council
      • Risk proposals and bylaws were addressed
    • IPSC and HIPAA
      • Discussion on HIPAA liaison role as well as different policies
    • InfraSec Planning – Services and Gaps
      • Discussion on different approaches to identifying gaps
      • Will be addressed at next meeting
  • Unit Spotlights
    • AITS
      • Brief overview of AITS was given
  • Discussion Topics
    • Office of Procurement Diversity Presentation
      • Brief overview of the procurement diversity office’s role at the university was given
      • Discussion on how to address diversity vendors and the RFP
    • Email Rejections and O365
      • Discussion on number of UIC accounts that have recently been compromised
      • Discussion on transition to Exchange Online
    • Data Privacy and Security
      • Discussion on policies and data ownership
    • SCCM
      • Discussion of responsibility and location of the SCCM shared service

InfraSec 11.11.15 Minutes

Attending:

Craig Jackson, Kevin Shalla, Chris Barton, Mike Kirda, Jason Maslanka, Ed Zawacki, Vinay Surpuriya, Ernesto Reyna, Therese Molina, Lisa Blake (on the phone), Andre Pavkovic, Bala Ramaraju, Phil Reiter, Frank Cervone, Sandra Robinson, Sandeep Dath, Kevin Price, Allen Randall, Brian Ng, Mark Goedert, Stacey Valuch, Dean Dang, Ron Fernandez, Alex Phistry, Heather O’Leary

  • Subcommittee Records
    • Digital Accessibility
      • One of the units is currently having contact with the Athletic department and a vendor named Red Shelf in order to improve digital accessibility
  • Old Business
    • HR Resolutions
      • Two resolutions were gone over: implementation of job model and IT director and Academic professional
      • HR requires a formal response
      • Job model soon to be going full force
  • New Business
    • Risk Assessment
      • Presentation on status update and proposals which, if approved, will be given to the Council for approval
      • Discussion on presentation
    • Vulnerability Scanning Proposal
      • Concern voiced that this proposal only addresses two parts of vulnerability; clarification requested
      • Discussion on vulnerability scanning and on payment and implementation program
      • Discussion on resources needed and those which could be relocated for this plan
      • Committee votes on proposal, it passes
    • GRC Proposal
      • Description of proposal on observation and feedback
      • Stated that Urbana and UIC will work together on evaluation
      • Discussion on evaluation
      • Explanation of IT and policy portions
      • Question on whether this tool is a GRC tool or an IT GRC tool, agreed that it could be both
      • Discussion on tool itself as well as impact on IT
      • Committee votes on proposal, it passes
    • MDM Proposal
      • Proposal is described along with its importance
      • How the tool will work at the local level was questioned; the response was that it looks promising but needs an evaluation from ACCC
      • Number of mobile devices covered by this tool is questioned
      • Discussion on utilization of tool as well as price for amount of licenses
      • Savings by working with Urbana are noted
      • Committee votes on proposal, it passes
  • Chair’s Reports
    • ITGC Main Council
      • Discussion on WTC meeting which occurred at Council meeting
    • Information Privacy & Security Committee & HIPAA Subcommittee
      • Discussion of last meeting
      • Mention of HIPAA liaison position
  • Discussion Topics
    • SCCM
      • Current SCCM shared service is addressed
      • Two outcomes were described: Urbana testing imaging and other functions of SCCM, and pulling together a small group of stakeholders to look at the future of the service
    • IT Tech Position
      • Discussion on the requirement that the IT Tech position have a degree in Computer Science or a related field
      • A request is made for a small group from this committee to volunteer to represent at meeting with HR for productive discussion
      • Discussion on type of degree, citizenship status, and amount of experience required for position
    • InfraSec Planning
      • Services and Gaps planning worksheet presented
      • A request was made for spreadsheets describing services provided by each unit
    • BitLocker
      • Discussion
    • VPN for RDP
      • Discussion on whether or not VPN for RDP was needed
      • Discussion on how the system would function after the implementation of VPN
    • NOC Purpose
      • NOC’s purpose was questioned and an explanation was requested for presentation at the next meeting

InfraSec 10.14.15 Minutes

Attending:

Lisa Blake, Kevin Shalla, Jason Maslanka, Sandeep Dath, Frank Cervone, Mark Goedert, Andre Pavkovic, Doug McCarthy, Gene Fruit, Chris Barton, Ilir Zenku, Julio Chavarria, Ashok Benet, Ron Fernandez, Sarah Ritch, Craig Jackson, Lalo Camacho, Bala Ramaraju, Marcin Hiolski, Ed Zawacki, Therese Molina, Ernesto Reyna, Phil Reiter, Mike Kirda, Ian Huggins, Brian Ng, Dean Dang, Kiseob Son, Heather O’Leary, Cynthia Klein-Banai

  • Subcommittee Reports
    • Accessibility
      • Working on UIC homepage, athletics department, and increasing accessibility to the bookstore
    • Risk
      • Colleges beginning to populate status spreadsheet with risk assessment outcomes
      • University Enterprise Risk management requested that findings go into enterprise risk report
      • Group met with a few vendors and people at Urbana looking for solutions on vulnerability scanning
      • Report was drafted for IT Governance Council
      • Suggested that a proposal be put together which would be dependent on ACCC’s capabilities
    • Security
      • Reviews from various participants were received and a detailed review is now being done before a survey for responsibility for compliance
      • Third quarter documents have been posted
      • Considering how to go about a UISO annual report
      • Discussion of implementing policy
  • Business
    • InfraSec Planning Optional Meeting – Service Catalog
      • Suggested that the committee meet to discuss priorities and get back on track with the ITGC proposal process
      • A spreadsheet for each unit to identify services that are provided and to identify gaps was sent out and asked to be filled out and returned
      • A meeting will be held to review spreadsheets and bring priorities back to the committee
      • Discussion of timeline and how to identify services
      • Goal is to identify business need more than technology itself
  • Discussion Topics
    • HIPAA and Information Security
      • HIPAA privacy and security is a subcommittee of IPSC at university level
      • BAA policy draft is being worked on and is out for review
      • Legal firm enlisted to develop enterprise HIPAA policies – group waiting on drafts which will be reconciled against current UIC IT security policy
      • HIPAA liaison role is being created for each unit under covered entity and there was discussion of how such role will work
    • Pharos Beacon
      • Suggested that Pharos Beacon is a cloud hosted product which provides organizers a way to track toner, paper, etc. usage on printers
      • Product currently in trial mode, but would be $20k a year and save money on operational costs
      • Tool goes onto devices and captures all printing data – discussion on security and privacy concerns
      • Discussion of potential costs and benefits
      • Suggested that the next step would be a security evaluation
      • Discussion of InfraSec support and possibility of broader policies being involved
    • SCCM
      • Noted that there had been some concern about SCCM service levels, private IP addresses, and support
      • Overview of current issues with the service was given
      • Suggested options for SCCM
    • IT Outreach
      • Suggested that there is a mission to provide service within UIC as well as reaching out to the community
      • Discussion of what reaching out to share knowledge and/or resources might look like considering limited resources
      • Suggestions included internships, mentorships, and it was mentioned that the college of Education offers grants
      • Discussion of how internships could work and, possibly, involve students
    • AV Vendor Performance Metrics
      • Group was asked that there be a review of vendor performance due to changes with the standing AV contract
      • Suggested to work on a document to provide feedback with data to back it up and share with purchasing
    • IT Tech Associate Requiring Bachelor’s Degree
      • Discussion of how this title requiring an IT related bachelor’s degree, even at entry level, affects hiring
      • HR will be contacted for answer and discussion
  • Project and Service Updates
    • ACCC Project Update
  • Announcements
    • Wireless Infrastructure Funding Update
      • Next buildings to receive new wireless infrastructure are CMET and SES after UH and other projects are finished
      • End of October/early November walkthroughs will begin
    • HR Resolutions Follow Up
      • HR has not yet received a response
      • Work on a mechanism for ITGC to follow up on resolution is needed