Call to Order and Approval of Minutes (5 minutes)
Meeting was called to order and minutes from the June meeting were approved as received.
Meeting was called to order and minutes from the June meeting were approved as received.
Action Item 42 from IT Strategic Plan involves creating enterprise/university-wide role-based access control solution. This is being driven by compliance requirements (managing who has access to what information), and by a desire to make access control process more efficient (reducing cost of administrating process, and cost of inefficiency to the university). There is currently not a consistent way that people are granted access to systems). We are trying to build the functionality in such a way that the business value of it will encourage adoption. We are planning to build the framework initially with the Kuali suite. The council discussed the goal, challenges, possible approaches, and potential benefits.
Jacob gave an update on the progress of the passphrase expiration project. Showed a chart of the progress. Users currently being forced to change are at the 9-11 yr. password age range. We started the project with approx. 272,000 people whose passphrase/password was over 2 years old. We’ve got that down to 242,000 (represented almost entirely by faculty and staff). The number of faculty/staff with passphrases over 2 yrs. old has dropped by over 65%. Local IT Professionals have been a huge help. We will continue shortening the age of passphrases/passwords by one year each week, until the Support Center load gets too high, and will then start bisecting years. Have heard little negative feedback. We plan to have all passphrases changed by the end of the year. Interesting takeaways - Asking people to change their passphrase over the last two years was not effective (and was not differentiated by any apparent demographic).
The Cisco Iron Port product or Cisco Registered Envelope Service (CRES) has been scanning message content for sensitive information and automatically encrypting messages above a set threshold for sensitive information (and also manually tagged messages). Merri Beth worked with the Messaging Group to start looking at the CRES stats and has contacted the top 5 people each month who had messages encrypted (but did not manually tag them) for educational purposes.
Tom will send an update via email.
Next meeting January 23, 2013.
Tom to send an update on top five gaps to Council members via email.
October 22, 2012
1-3pm
Poplars 017, Video Bridge 223739
Tom Davis (Chair)
Merri Beth Lavagnino (Co-Chair)
Eric Cosens (staff)
Jim Kennedy
Mary Frances McCourt
Dan Rives
Jacob Farmer (guest
UITS Identity Management)
Marsha Gonzales
Jeff Lambright
Philip Cochran
Michael Gardner
Joan Hagen
Kim Milford
Joe Scodro
Chris Viers
Doug Wasitis