February 5, 2020

Date/Time
Wednesday, 02/05/2020
Location
Wayne A. Reaud Building Room 312
Submitted By:
Michelle Morrison

IT STEERING COMMITTEE MEETING MINUTES
WEDNESDAY, FEBRUARY 5, 2020
WAYNE A. REAUD CONFERENCE ROOM 312
10:00 A.M.

  

PRESENT:  Dr. Arne Almquist, Dr. Priscilla Parsons, Dr. Larry Osborne, Vicki McNeil, David Williams, Dr. Brenda Nichols, Dr. Jerry Lin, Juan Zabala, Dr. Joe Nordgren, Jeremy Alltop

ABSENT:  Charla Pate

SPECIAL GUEST:  Srinivas Varadaraj

 

The meeting was called to order at 10:00 a.m. by Priscilla Parsons.

 

APPROVAL OF MINUTES:

  • Approval of minutes was deferred to the next meeting because the minutes from the most recent meeting could not be obtained.

 

ANNOUNCEMENTS: Priscilla Parsons

  • Per the recommendations put forth in the IT Strategic Planning process regarding governance, this committee, previously co-chaired by the Provost and the Vice President for Finance & Operations, will now be co-chaired by the Vice President for Management Information & Analysis and the Vice President for Information Technology.
  • Everyone introduced themselves because a few committee members have changed.

 

AGENDA ITEMS:

  • Tableau:
    • Arne Almquist
      • Day by day student headcount can be tracked back three years
      • There is a substantial increase in enrollment this year for Lamar University
      • Data can be downloaded into an Excel spreadsheet
      • Ellucian Analytics Project – 219 Tableau tiles with data from HR to students
      • Will be able to customize the tiles 
  • Ellucian Analytics Project
    • Priscilla Parsons
      • Continuing on Ellucian Analytics: Rollout began with HR, then Finance, and we will soon begin student
      • Working with Ellucian development team with issues on data validation
      • Verifying data with HR and believe we are in the final steps with Finance
      • Bulk data load – Taylor Stephenson has started first round of student data loads
      • Data management and cleanup will be ongoing
      • MIA will manage the access 
  • Data Literacy:
    • Arne Almquist
      • Users need to better understand data concepts, including when to use a particular source, which data is more reliable, etc.
      • Working to build the abilities of our analysts to be able to ferret out your requirements
        • Juan Zabala
          • Concern about data being downloaded into an Excel spreadsheet from Tableau and shared with someone who does not have the license to look at the data
        • Arne Almquist
          • This is a policy issue that will be discussed one on one later
        • Vicki McNeil
          • How much is a license and how do you get one?
        • Arne Almquist
          • There are two licenses available…contact Greg Marsh for more information 
  • Proposed IT Policies
    • Priscilla Parsons
      • Information Security Incident Management Policy handout was distributed
        • Required by the State of Texas
        • Assign authority to manage the cyber security incident to the Information Security Officer
        • Sets responsibilities for the work that is done within that Incident Management Process
        • Certain incidents are required to be reported to the State as required by Texas Administrative Code
      • System and Service Acquisition Policy was distributed
        • Review and revision of existing policies – Review of the Acquisition of Technology and System and Service Acquisition Policy
        • Indicates roles and responsibilities for the CIO or the IRM
        • Provisions around the requirement to have compliance reviews completed before technology is acquired
        • Extends to applications and technologies that are developed on campus
      • Security Awareness Training Packet was distributed
        • All faculty and staff must be trained by mid-June using an Information Security Awareness program that has been certified with the Department of Information Resources
        • Role-based training coordinated through the Information Security Office
        • Training upon initial employment and thereafter – extends to vendors, contractors and temporaries
          • Juan Zabala
            • Who will manage who receives the proper training?
          • Priscilla Parsons
            • The Information Security Office will evaluate
        • Provided matrix shows which course(s) each employee must complete
        • Some employees may have to take more than one course depending on their role
        • Will be meeting with HR tomorrow to go over tracking methods
          • Jerry Lin
            • A question about ITAR
          • Priscilla Parsons
            • This is awareness training only
        • This training can be previewed by committee members and it will count toward your requirements
          • Vicki McNeil
            • Do the employees self-identify which training they need, or will HR and IT decide that?
          • Priscilla Parsons
            • IT will determine the broad categories, though departments will know more about what each individual does or has access to
            • IT will work with HR and the Vice Presidents 
  • Data Loss Prevention
    • Srinivas Varadaraj
      • Data Loss Prevention handout was distributed
      • “You can’t protect what you don’t know exists”
      • Attempt to provide data loss prevention relies on detecting where the data is and applying technology to protect the data
      • 2 focuses: detection in email streams and data on workstations
      • Defined Data is information such as social security numbers, credit cards, driver’s license numbers
      • Institutional Data is Lamar IDs, passwords, academic history
        • Priscilla Parsons
          • Decision point for email scanning – 3 approaches
            • Monitor and report on emails containing confidential information
            • Notify of alert of confidential information
            • Blocking because it likely contains confidential information
            • Where do we start as an institution?
            • Recommend starting with at least notification, ultimately getting to the block phase
        • Vicki McNeil
          • Are these referring to emails going to another Lamar employee or off-campus?
        • Srinivas Varadaraj
          • Both – email is one of the most targeted vectors, protected by password alone
        • Jeremy Alltop
          • Arguments against blocking:
          • There is still a need to be able to do business, we should not resort to faxing, but I appreciate the warning to raise awareness
          • Could be in a deadline situation and cannot transmit something due to no one being available to help me after hours
        • Vicki Ward
          • Does the notification go to the employee only or the supervisor also?
        • Priscilla Parsons
          • Right now, immediate notification goes to employee sending email
          • Potentially able to report to supervisors about behavior in areas
        • Juan Zabala
          • Amount of data should also be taken into consideration - one credit card number versus thirty
        • Jeremy Alltop
          • Due to sense of responsibility, request to provide executive level reporting
    • Data-at-rest (DAR)
      • With more storage, we tend to keep more information, making the university more liable
      • Spirion provides a dashboard that automatically searches your computer, so you can remove unnecessary data
        • Arne Almquist
          • Before dumping data, contact the university records manager to find out if it needs to be kept
        • Priscilla Parsons
          • Looking for permission to extend this tool beyond HR and Finance into other Administrative areas
          • Looking to encrypt laptops and desktops, shielding us from a large amount of liability
          • Determine if confidential information is an official record, if not, why do you need it?
          • If so, it needs to be stored accordingly as a record and be encrypted 
  • Decision
    • Priscilla Parsons
      • Do we have a decision on email filtering?
    • Everyone
      • Agreed to notifications of confidential information
    • Vicki McNeil
      • Are we going to notify employees of this policy? In simplified terms with examples?
    • Priscilla Parsons
      • Yes, we can also test a small group before implementation 
  • New Desktop Device Management
    • Priscilla Parsons
      • Client Management Tools handout was distributed
      • CMT is a tool for managing computers such as desktops or laptops but may be used to manage mobile devices
      • Primary purpose is to apply patches, install and update software and inventory licensed software
      • CMT allows these processes to be automated for efficiency, accuracy and completeness
      • Benefits include:
        • Security – email and desktops are common targets
        • Confidentiality – data and files, no personal data is scanned
        • Reliability – quickly receive updates and patches with little interaction from user, custom schedules can be requested
        • Time efficiency – campus-wide software can be installed without a technician, or remotely
        • Management Information – dashboards and reports provide current state of computers
      • Microsoft System Center Configuration Manager (SCCM) will manage LU Windows-based computers
      • Microsoft Intune will manage LU mobile devices – if lost or stolen, data can be wiped clean remotely
      • The “client” runs in the background and does not interfere with operations of that computer
      • Central IT will administer on the administrative computers, will be working with Deans to appoint who will manage the desktops in their area
      • Recommended Schedule:
        • IT Pilot has been installed on all IT desktops, has pushed one patch cycle
        • Internal marketing/communication materials
        • Administrative computers (client only by mid-February – no patching) – no Windows 7 (probably still about 200 computers, in academic arena about 1,000 still have Windows 7) with two-week exception period
        • Academic computers (by end of Spring term) with two-week exception period
      • Have been working directly with Microsoft with a dedicated service engineer
        • Jerry Lin
          • Will this system manage computers that log in locally but are not directly connected to the network?
        • Srinivas Varadaraj
          • Yes and no…local login will have an account that becomes part of the domain and becomes visible
          • Would like to move forward with Administrative roll-out per the schedule

 

QUESTIONS AND CONCERNS:

  • Brenda Nichols
    • After looking at all the University committees and councils, this area has three separate committees that seem to overlap, should two or more be combined?
      • IT Steering Committee
      • Academic IT Computing
      • Information Security Committee
  • Priscilla Parsons
    • An Administrative Computing Committee has been newly recommended as well
    • This does need to be reviewed
  • Jerry Lin
    • IRC – surveys that are being done or requested - can we have an approver?
  • Priscilla Parsons
    • More information is needed, and this will be dealt with personally

 

ADJOURNMENT: 

  • The meeting was adjourned at 11:05 a.m.

 

NEXT MEETING: 

  • Wednesday, March 4, 2020