ITS Strategic Planning: VP Sudhakar shared that the ITS team is currently undergoing a strategic planning process and asked the committee for feedback. He also announced that a Faculty Forum would be taking place after the Faculty Senate meeting on November 24th. The committee also discussed different ways they could provide feedback and different roles that can be taken in regards to the process. An update on the process will be provided at the next IT Governance Executive Committee meeting.
ITS Disaster Recovery/Business Continuity Draft: Michelle Behne from the office of Information Security and Emerging Technologies presented draft documents regarding campus notifications for planned and unplanned incidents. The team is trying to improve efficiency by expanding the number and types of tools that can be used to communicate across campus when incidents occur.
Faculty Forum/Survey: As a part of the ITS Strategic Planning process, a Faculty Forum is scheduled to take place on November 24th immediately following the Faculty Senate meeting. Additionally, VP Sudhakar shared with the committee that a faculty survey has been sent out to collect feedback that will aid in the development of the ITS Strategic Plan.
Identity Finder: The group discussed the Identity Finder software and the specifics for the deployment across campus. The team has worked with the Chancellor’s Office and the Union to make sure that communication to the campus will be clear.
Administrative Access to Desktops: ITS along with the college deans are working collaboratively to mitigate the Chancellor’s Office Audit finding regarding administrative access to desktops. The recommendation from the audit was to move away from blanket access and instead restrict this access to those who actually need it. ITS is currently working with the college technicians regarding this issue.
Campus Online Directory: ITS brought forth a proposal to streamline the process of on boarding and change the campus phone book from a “phone record” to a “people record” (aka an enterprise directory), making it an official campus directory. Feedback was requested from the group in order to be ready in a month to go live with the new campus website.
Campus-Wide Ticketing System: ITS presented a rough draft of a pilot centralized service fulfillment system within ITS departments that would then work with other divisions and colleges to standardize on one system over the course of 2-3 years. A subcommittee will be formed to streamline and address the issues.
Information Security Audit Recommendations Campus Efforts on Compliance (Presentation) – Javier Torner stated that the team wants to send the final report to Michael Zachary by September 11th in order to meet the CSU Auditor’s deadline of September 18th. He referred to the presentation to discuss the closed/completed audit findings: Web Application Development, Incident Reporting and User Access Privileges. Javier also discussed an assessment procedure for resolving the findings for Information Security Oversight and Inventory of Protected Data. It includes a memorandum to the campus MPPs, and assessment certification of sensitive data and an assessment tool for sensitive data. These documents were distributed to the group. Javier’s team wants to send the tool out on August 19th if the Executive Committee approves.
He also asked for feedback on the language of the memorandum. Tatiana Karmanova asked for clarification on the language. Sam stated that the TAG group already has a copy of this document. Larry Rose suggested changing the language from the implied “all” to “to the best of my knowledge.” He also asked for clarification on the type of risks accepted in this memorandum. Group consensus was that the language needed to be clearer on what people are agreeing to.
Cesar Caballero asked whether there was a procedure in place to encrypt sensitive data related to their clients. Sam emphasized that the concern lies in having sensitive date in separate databases. He also added that the upcoming roll out of Identity Finder will address the issue of having sensitive data stored on computers.
Javier continued stating that there is also a plan in place to address the finding related to Information Security Governance. He added that for the Desktop Software Management finding, awareness is key and that it will help protect intellectual property. A vulnerability management program, expected to be completed in December 2015, will address the corresponding finding. Lastly, a procedure for log reviews has been incorporated in the Incident Management Standard currently under review by the ISET subcommittee for approval on September 16, 2015 at 9:00 am.
The group discussed Identity Finder and Sam stated that this tool was released to us in December and implementation is in progress. This tool will scan for social security numbers on your computer and can be used by campus departments to control areas of risk. ISET will run periodic scans and will notify users. The tool shreds documents containing the information and can also scan emails.
Identity Management System Account Creation Status- Sam has been sending emails out for users to reclaim their accounts. The 90-day deadline has been pushed back. The group requested a list of users who have not reclaimed their accounts in order to encourage them to do so. Additionally, asked Sam will share a sample email to send out. The ITS team will look at the calendar in order to establish a new deadline that will not impact the campus.
ITS Strategic Planning: Sam stated that ITS is kicking off their Strategic Planning on September 1st. They are currently conducting an environmental scan and are hoping to have a finished product by December 31st.
Information Security Audit Recommendations Implementation: The Executive Committee discussed ways the deans and ITS could work collaboratively to mitigate the audit findings regarding desktop user management and software updates. VP Sudhakar will bring back process recommendations to the next meeting.
Blackboard Planned Downtime: ITS brought forth a request for Blackboard maintenance on Friday, July 17th. The expected downtime for the server update is from 2 a.m.-5 a.m. The maintenance was approved unanimously as it would take place at a time of very low traffic.
Director of Distributed Technology Services Search Process: Initial search committee meeting will occur in the next few weeks. Rationale behind this new position is to have them work directly with the appointed lead technicians from each college. The director will serve as the liaison between the colleges and ITS for centralized IT initiatives and projects.
ATI Coordinator Search Process: Initial search committee meeting will occur in the next few weeks. This new position will coordinate the efforts of the ATI Initiative: web accessibility, procurement and instructional materials.
Announcements: AVP Gerard Au announced that there are now almost 40 Powermat stations installed on campus. The charging rings are also already available for check out.
ITS Efficiency Proposal: VP Sudhakar has proposed a new position within ITS, a Director of Distributed Technology Services (DDTS) that would serve as the liaison between the college technicians and ITS. The ITCs will work with the DDTS on campus-wide, standardized and centralized projects. VP Sudhakar has had discussions with the various deans to explain that this position will focus on the needs of the different colleges.
E-Mail Policy and Electronic Communications Policy Revisions: These two policy revisions draft were presented to the committee and are pending further discussion. There are also a few minor proposed procedural changes to the policies They will be taken to Administrative Council in the fall.
Commodity Bulk Purchase Timelines: The committee was updated on the Dell commodity purchasing proposal presented last month. VP Sudhakar announced that ITS is working with Dell to build a storefront where departments/colleges will be able to place their orders.