January 2023 Agenda

Meeting Date: January 26, 2023

Time: 1:30 pm - 3:00 pm

Location: Teams

Remote Attendance: Rudy Hirschheim, Craig Woolley, Andy Maverick, Elahe Russell, Alex Basse, Jacqueline Bach, Bret Collier, Kappie Mumphrey, Stephen Beck, Chad Brackin, Julie Perkins, Mo Carney, Sandi Gillilan, Tommy Smith, Matthew Laborde 

Presenters: Robin Ethridge, Katie Bouey, Sumit Jain, Ric Simmons

Others: Susan Crochet, Lesa Jeansonne, Inessa Bazayev, David Alexander, Stephen Heyward

Absent: Peter Trentacoste

 

Opening 

1. Administrative Announcements

2. Executive ITGC Updates [Craig Woolley] 

Action

3. Approval of the Minutes from the Meeting held on November 8, 2022 
 
Information/Discussion

4. Tureaud Hall Demonstration [Ric Simmons] 

5. PM-36 Draft Policy & Standards [Sumit Jain]

6. Workday Student Project Update [Craig Woolley/Robin Ethridge]

7. ITS ITGC Project List/Teams Telephony [Katie Bouey] 
 
Updates: Sub-Committees & Working Groups 

8. Education Technology Subcommittee/Moodle Survey [Jackie Bach] 
 
Wrap-Up 

9. Information sharing/Announcements [All] 

10. Suggested agenda items for future meetings, including ITS topics of interest [All] 

11. Next steps/Follow-up items [Chair] 

 

January 2023 Minutes

2. Executive ITGC Updates

Craig Woolley announced that the Executive IT Governance Council met on November 29th. He shared that the Executive Council approved a framework for creating a standardized application inventory with each institution having two months to report back via the template. He added that this would give more visibility into what software is being used across the LSU system. He also announced that the Executive Council approved an agreement ensuring each institution is able to have their policies mapped in a consistent fashion back to Permanent Memorandum (PM) 36. 

 
3. Meeting Minutes Approval

November meeting minutes were approved with no revision. Motion to approve by Alex Basse; second by Tommy Smith. 

 
4. Tureaud Hall Demonstration

Ric Simmons, ITS, gave a demonstration of the classroom technology upgrades in Tureaud Hall. He demonstrated use of the data projector, the ceiling-mounted microphone, and the camera which follows the speaker. Craig shared that the microphone is sensitive enough to pick up students in the back of the classroom. Craig also shared that the podium has a USB repeater that allows a user to plug in a laptop and access the room camera and microphone. He stated that the room has the ability for participants to connect to the display wirelessly. Craig shared that the microphone and camera are always on, adding that neither record data automatically; they merely transmit voice and video through Teams or Zoom. There was a brief discussion concerning troubleshooting the classroom technology while in use. There was also a brief discussion concerning training for the upgraded equipment. 

 
5. PM-36 Draft Policy & Standards

Craig announced that he and Sumit Jain, ITS, presented PM-36 policies at a meeting of the Research Technology Subcommittee. He gave a brief overview of the IT Policy Philosophy to the Council. He acknowledged that there will be special use cases as well as exceptions to the policies. He shared that there are external bodies such as FERPA and HIPPA that have specific IT Security requirements the University must be attentive to. Craig added that they are looking for ways to engage with faculty before the Academic Affairs approval process begins. 

Sumit presented Policy Statement (PS) 132 on System Security to the Council. He discussed Endpoint Protection such as antivirus and anti-malware and Host Based Network Protection such as firewalls. He also discussed Endpoint Application Management, Web Application Management, and Database Management. There was a brief discussion concerning the various security policy baselines or minimum requirements and configurations. Sumit also discussed File Integrity Monitoring for critical enterprise systems. He also discussed leveraging System Center Configuration Manager (SCCM) for Mobile Device Management (MDM). Sumit also discussed Removable and Physical Media as well as Bring Your Own Device (BYOD). He shared that loss or theft of personal devices used for conducting University business must be reported. He also added that the University has a right to conduct security reviews as well as remove devices that disrupt or damage the network. There was a brief discussion concerning how the University enforces the various IT security policies. There was also a brief discussion concerning public records or legal requests. The definition of data as it relates to the University, data encryption, and data that is confidential, private, and sensitive were also discussed. Sumit discussed Operating System management, including creating imaging, applying security patches, and removing assets from the network that are running a vulnerable or end-of-life OS. 
Sumit also presented PS 133 on IT and Security Operations, which includes Threat Management, Incident Response, Change Management (including cloud assets), and Enterprise Architecture. He also discussed Backup Management, Patch Management, Vulnerability Management, and Security Metrics and Reporting. There was a brief discussion concerning making the IT security policies publicly available and searchable.

Craig discussed next steps including getting further faculty input during the month of February and introducing any small changes at the next IT Governance Council meeting before voting on the policies. 

 

 9. Information Sharing 

Craig announced that the results of the Moodle survey would be available in March.