InfraSec 12.13.17 Minutes

Attending:

Frank Cervone, Phil Reiter, Marcin Hiolski, Ed Zawacki, Kevin Shalla, Ian Huggins, Sandeep Dath, Jason Maslanka, Therese Molina, Bala Ramaraju, Lalo Camacho, Esteban Perez, Allen Randall, Mark Goedert, Kirsten Pielstrom, Dean Dang, Ateeq Rahman, Lisa Blake, Elizabeth Romero, (Education), Dan Pollack, Ron Fernandez, Ashok Bennett, Matt Miller, Ilir Zenku, Vinay Surpuriya, Andre Pavkovic, Chris Barton, Pedro Valencia, Mike Kirda, Heather O’Leary

  • Updates from Other ITGC Committees
    • Intro
      • Noted that the chairs of the ITGC committees meet regularly to discuss what each committee is working on
    • Education
      • The Education Committee is looking at sustainable printing at UIC
      • They started by looking at how much printing is done by students and realized that students make up a small portion of printing compared to faculty and staff
      • Noted that this effort is not directly related to the Ink printing pilot, but some information for an Ink evaluation survey is being used
      • The committee is looking at a way for faculty to request tools that they may need for teaching
      • If committee members are interested in joining these efforts, they should reach out to the chair of these subcommittees
    • Admin
      • Noted that the committee has concerns about the lack of strategy for how administrative systems are handled
      • Suggested that the committee keep this issue in mind as they consider related items
  • Ongoing Reports and Discussion Topics
    • Rate and Funding
      • Noted that the Rate and Funding Committee met to discuss the FY18 rate and how ACCC is calculating the rate
      • FTE accounts were questioned
      • ACCC is working to develop long-term plans for the rate in furfure years
      • Suggested that the committee is largely composed of admin/finance people and should include more T staff to consider strategy and what services are included in the rate
      • Suggested that there is not consensus between the departments on how to decide what is included in the rate and how funding is provided
      • The committee had some discussion on how costs beyond the FTE rates will be covered
      • There are concerns about transparency around central funds and what they are being applied to
      • Suggested that this issue must be addressed for FY18, but there is some urgency since the FY19 rate is already being prepared
      • The purpose of the committee and how they are working to set a rate was questioned
      • Suggested that the rate has been aimed at covering current service costs
      • Noted that more work needs to be done to consider long term needs and service priorities
      • Suggested that the charge of the committee is not well defined
      • Further discussion on the role of the committee and how to decide what goes into the basic bundle
      • Suggested that IT Governance should be the group determining what goes into the basic bundle
      • Suggested that the InfraSec committee should review the ACCC service catalog
      • Suggested that the rate and funding committee should be formally integrated into the IT governance structure
      • Concern was expressed about who decides what is in the bundle and how InfraSec can address this issue
      • Suggested creating a subcommittee to work on this
      • The basic bundle list will be sent out to the committee
      • Noted that the hospital has a different rate from the rest of UIC
      • Motion to create a subcommittee to review the basic bundle of services for rate and funding, seconded, no oppositions voiced
    • Azure/AWS/POC
      • Suggested that the cloud services are not ready yet
      • Meetings have been conducted with representatives from each university to discuss how to rollout these services
      • Noted that there are unresolved issues around billing
      • Discussion of billing models and what they might look like
      • Suggested that subscriptions will be set up for each unit and there will be policies around how the services can be used
      • Suggested that there is not a launch date set, but the project is in feasibility
      • The contract goes for two years starting in October
      • How to get involved in pilots/use cases was questioned
      • Suggested that once the portal is available volunteers will be asked for
      • Suggested that units need to plan for the future rather than wait for services to be made available
      • Suggested that units begin training on these services now to prepare to use them in a year
      • Discussion of training opportunities
      • Suggested that ACCC is working to set up a billing system that allows the bill to go straight from the vendor to the client
      • A general timeline on when these services will be made available was requested
    • 2017 HIPAA Audit
      • A brief overview of the HIPAA compliance of the HSCs was given
      • ACCC is working with IT directors in those units to address audit findings
      • Suggested that the end point management discussion is relevant to one of the findings and that the security program addresses many of them as well
      • Noted that, for units outside of HSCs, there will be changes that affect them
      • Discussion of audit process
    • Project Reporting
      • Requested greater project visibility on the committee
      • Suggested that the committee should not get involved in operational issues, but should help set strategy
      • Discussion of what the committee would like to see
      • Further discussion of how to improve the committee’s understanding of how ACCC resources are being used
      • A new report will be drafted to address committee concerns
    • AITS Realignment
      • Noted that there were a number of working groups formed by AITS that looked into what it would take to reallocate specific resources from AITS to the universities
      • The working groups created proposals which are being considered by the CIOs
      • Suggested that, if the proposals go forward, a number of services would come to ACCC
      • Discussion of how these changes might affect ACCC and UIC
      • Noted that the proposals were reviewed by the IT Leadership team in detail, but there is still more to be considered
    • Security Policy Rollout
      • Noted that the subcommittee did not meet due to the UISO meeting
      • Suggested that there have been issues about how consistently security training has been implemented across the university
      • It was asked how best to collectively provide for better support for training
      • Suggested that ACCC centrally manage training for consistency
      • Suggested that deadlines can be set and Audits enforce compliance
      • Further discussion of how training can be improved
      • Suggested that there need to be consequences for those who do not complete training on time
      • Suggested that ACCC will set a date for units to roll out training
      • Questioned how consequences used for not completing other trainings coul be used for security training
    • End Point Management
      • Suggested that the committee is evaluating a number of systems and working to get it down to three to share at the next meeting
      • KACE and Kaseya are possibilities
      • Some features of the different options
      • Suggested that there is an evaluation form being used for each option
      • Noted that a decision must be made urgently
  • Announcements
    • Exchange Migration Deadline
      • Noted that the deadline for migration has been extended to January 29, 2018
      • More deadline communication will be going out soon