Meeting Minutes for
April 9, 2001
A meeting of the University Information Technology
Advisory Committee was called to order at 3:05 p.m. on April 9,
2001, in the 4th floor conference room of Cabell Library. Dr. David
Sarrett, co-chair, presided. Members present were Dr. Gary Tepper,
Ms. Veronica Shuford, and Mr. Mark Willis. Dr. James Shultz attended
for Ms. Dianna Chinnici; Mr. Jim Yucha attended for Dr. Phyllis
Self, and Ms. Cynthia Perry attended for Ms. Barbara Baldwin. Members
absent were Dr. Timothy Broderick, Dr. Judyth Twigg, Dr. Robert
Mattauch, Ms. Lauren Russell, Ms. Seema Kumar, and Mr. John Ulmschneider.
Mr. Clyde Laushey, Information Security Officer, was also present.
I. REVIEW OF MINUTES FROM
FEBRUARY 12, 2001 MEETING
Minutes were approved as prepared.
II. ANNOUNCEMENTS
Mr. Mark Willis announced a few changes in the membership of the
committee. Dr. James Shultz, Director of Policy Analysis in Finance
& Administration, and Ms. Cynthia Perry, Director of Network
Technologies, VCU Health System, will permanently replace Ms. Dianna
Chinnici and Ms. Barbara Baldwin, respectively. Mr. James Yucha
will serve as a temporary replacement for Dr. Phyllis Self until
she returns from sick leave.
III. RESULTS of VOTE on
COMPUTER and NETWORK RESOURCES USE POLICY and NEXT STEPS
The Computer and Network Resources Use Policy was approved and will
be sent to the Vice Presidents with a recommendation for adoption.
The policy replaces the current Computer Ethics Policy, which was
approved in 1990.
IV. DRAFT ENFORCEMENT PROCEDURES
for USE POLICY
The committee was given a summary of the draft Enforcement Procedures
document. The document outlines investigation and enforcement procedures
for the new Computer and Network Resources Use policy. The Committee
agreed to review the Enforcement Procedures prior to the next meeting
and to take action on it at that time.
Mark Willis stated that he would contact the General
Counsel’s Office for feedback.
V. PROPOSED NETWORK SECURITY
STANDARDS
The Virginia Commonwealth University Information Security Policy
– Draft Standards, and Guidelines Summary was distributed
to the committee. The draft standards were developed over the past
several years and have been informal operating principles for the
central IT units. They have been reviewed by several committees
and have been out on the web site for comment. However, formal action
needs to be taken by UITAC and the vice presidents in order for
these standards to be enforced consistently across the University.
Highlights of the document were identified and
discussed. It has been organized into five sections:
1. Introduction and Security Policy Statement
2. Security requirements that all departments are expected to implement
3. Security requirements that Network Services must implement (some
of which have an impact University-wide)
4. The establishment of a VCU Computing Emergency Response Team
(VCU CERT)
5. Recommendations for the general user and additional information.
The committee was asked to look at the summary
in greater detail and to decide whether or not they wanted to review
the detailed standards as a full committee or divide into sub-committees.
Additional input will be sought prior to the next
UITAC committee meeting where a decision will be made as to how
to handle the proposed standards.
VI OTHER BUSINESS
One concern of the committee is the lack of student participation.
We will need new appointments for the Fall. For Undergraduate students,
Gary Tepper and Judyth Twigg were asked to look in their areas for
nominees who might be willing to serve.
Staff will contact Graduate Studies students who
would be able to serve on the committee.
The committee was asked to consider canceling
the summer meetings. A decision will be made at the next meeting.
There being no further business, the meeting adjourned
at 4:30 p.m |
