January 2023 Agenda
Meeting Date: January 26, 2023
Time: 1:30 pm - 3:00 pm
Remote Attendance: Rudy Hirschheim, Craig Woolley, Andy Maverick, Elahe Russell, Alex Basse, Jacqueline Bach, Bret Collier, Kappie Mumphrey, Stephen Beck, Chad Brackin, Julie Perkins, Mo Carney, Sandi Gillilan, Tommy Smith, Matthew Laborde
Presenters: Robin Ethridge, Katie Bouey, Sumit Jain, Ric Simmons
Others: Susan Crochet, Lesa Jeansonne, Inessa Bazayev, David Alexander, Stephen Heyward
Absent: Peter Trentacoste
1. Administrative Announcements
2. Executive ITGC Updates [Craig Woolley]
3. Approval of the Minutes from the Meeting held on November 8, 2022
4. Tureaud Hall Demonstration [Ric Simmons]
5. PM-36 Draft Policy & Standards [Sumit Jain]
6. Workday Student Project Update [Craig Woolley/Robin Ethridge]
7. ITS ITGC Project List/Teams Telephony [Katie Bouey]
Updates: Sub-Committees & Working Groups
8. Education Technology Subcommittee/Moodle Survey [Jackie Bach]
9. Information sharing/Announcements [All]
10. Suggested agenda items for future meetings, including ITS topics of interest [All]
11. Next steps/Follow-up items [Chair]
January 2023 Minutes
2. Executive ITGC Updates
Craig Woolley announced that the Executive IT Governance Council met on November 29th. He shared that the Executive Council approved a framework for creating a standardized application inventory with each institution having two months to report back via the template. He added that this would give more visibility into what software is being used across the LSU system. He also announced that the Executive Council approved an agreement ensuring each institution is able to have their policies mapped in a consistent fashion back to Permanent Memorandum (PM) 36.
3. Meeting Minutes Approval
November meeting minutes were approved with no revision. Motion to approve by Alex Basse; second by Tommy Smith.
4. Tureaud Hall Demonstration
Ric Simmons, ITS, gave a demonstration of the classroom technology upgrades in Tureaud Hall. He demonstrated use of the data projector, the ceiling-mounted microphone, and the camera which follows the speaker. Craig shared that the microphone is sensitive enough to pick up students in the back of the classroom. Craig also shared that the podium has a USB repeater that allows a user to plug in a laptop and access the room camera and microphone. He stated that the room has the ability for participants to connect to the display wirelessly. Craig shared that the microphone and camera are always on, adding that neither record data automatically; they merely transmit voice and video through Teams or Zoom. There was a brief discussion concerning troubleshooting the classroom technology while in use. There was also a brief discussion concerning training for the upgraded equipment.
5. PM-36 Draft Policy & Standards
Craig announced that he and Sumit Jain, ITS, presented PM-36 policies at a meeting of the Research Technology Subcommittee. He gave a brief overview of the IT Policy Philosophy to the Council. He acknowledged that there will be special use cases as well as exceptions to the policies. He shared that there are external bodies such as FERPA and HIPPA that have specific IT Security requirements the University must be attentive to. Craig added that they are looking for ways to engage with faculty before the Academic Affairs approval process begins.
Sumit presented Policy Statement (PS) 132 on System Security to the Council. He discussed
Endpoint Protection such as antivirus and anti-malware and Host Based Network Protection
such as firewalls. He also discussed Endpoint Application Management, Web Application
Management, and Database Management. There was a brief discussion concerning the various
security policy baselines or minimum requirements and configurations. Sumit also discussed
File Integrity Monitoring for critical enterprise systems. He also discussed leveraging
System Center Configuration Manager (SCCM) for Mobile Device Management (MDM). Sumit
also discussed Removable and Physical Media as well as Bring Your Own Device (BYOD).
He shared that loss or theft of personal devices used for conducting University business
must be reported. He also added that the University has a right to conduct security
reviews as well as remove devices that disrupt or damage the network. There was a
brief discussion concerning how the University enforces the various IT security policies.
There was also a brief discussion concerning public records or legal requests. The
definition of data as it relates to the University, data encryption, and data that
is confidential, private, and sensitive were also discussed. Sumit discussed Operating
System management, including creating imaging, applying security patches, and removing
assets from the network that are running a vulnerable or end-of-life OS.
Sumit also presented PS 133 on IT and Security Operations, which includes Threat Management, Incident Response, Change Management (including cloud assets), and Enterprise Architecture. He also discussed Backup Management, Patch Management, Vulnerability Management, and Security Metrics and Reporting. There was a brief discussion concerning making the IT security policies publicly available and searchable.
Craig discussed next steps including getting further faculty input during the month of February and introducing any small changes at the next IT Governance Council meeting before voting on the policies.
9. Information Sharing
Craig announced that the results of the Moodle survey would be available in March.