Meeting Minutes for
November 11, 2002
A meeting of the University
Information Technology Advisory Committee was called to order at
3:10 p.m. on November 11, 2002, in the 4th floor conference room
of Cabell Library. Dr. David Sarrett, co-chair, presided. Members
present were Dr. Timothy Broderick, Dr. Lynn Nelson, Ms. Fran Smith,
Dr. James Shultz, Dr. Robert Mattauch, Dr. Phyllis Self, Mr. John
Ulmschneider, and Mr. Mark Willis. Ms. Veronica Shuford and Mr.
Carl Gattuso were absent.
I. REVIEW AND APPROVAL
OF MINUTES FROM OCTOBER 14, 2002
Minutes were approved as prepared.
II. PROPOSED REVISIONS
TO INFORMATION SECURITY POLICY
Mr. Willis distributed a three-part handout consisting of:
1. Information Security Policy draft dated 10/18/02
2. VCU Security Policy Implementation Procedures draft dated 10/18/02
3. Computing Emergency Response Team (CERT)
He reminded the committee that the original Information
Security Policy was approved about one year ago. The policy was
forwarded to the Vice Presidents at that time. There were several
parts to it then and that policy has been incorporated into the
current draft Information Security Policy.
Mr. Willis pointed out one change in particular,
which had previously been in the “procedural” part of
the document and is now proposed to be in the actual “policy”
document. That change is the last full paragraph on the second page
of the Information Security Policy draft which states “Procedures
to enact the requirements of the security policy are provided in
the Related Documents section below. Failure to comply with this
policy and related procedures will be considered a violation of
the VCU Computer and Network Resources Use Policy.”
The committee reviewed the draft document, and
discussion included the following:
• A suggestion that the list of dangerous services (network
prodicols) be eliminated and a statement added to the effect that
the “dangerous services items” would change as needed.
• Departments be prohibited from running their own email system.
The committee felt they should be run centrally.
• The name of the document should be “Information Security
Policy and Procedures.”
• Rather than including all the revision dates for each section,
the committee agreed that ONE date should appear when a section
is revised and a backup copy kept with all the actual revision dates
for the section on it.
• Web sites will be referenced for the changes.
• The Incident Reporting section of the Computing Emergency
Response Team document was significantly reduced. Dr. Self asked
if it was clear than ANY kind of computer abuse type situation could
be reported through this mechanism, and the committee agreed that
it was. It was suggested that a statement referencing this should
be added to the VCU Computer and Network Resources Use Policy Enforcement
Procedures document but the document would not need to be re-sent
to the Vice Presidents.
After discussion, it was moved and seconded that
the changes to the Information Security Policy be accepted in the
new format and the document be sent to the Vice Presidents.
III. STATEWIDE IT COLLABORATION
EFFORTS
Mr. Willis stated that although higher education was previously
exempted, we have now been asked to draft a plan which probably
will be due within a year. We need to demonstrate that we can make
the most out of every dollar. In the future when the economy does
turn around, if we can come forward with plans that we can cooperate
and collaborate, those are the plans that will likely be funded
by the state. Several different areas are being considered for collaboration:
a. Purchasing is one of the main areas being looked at. VASCUP develops
cooperative contracts that any institution can use and usually offers
better deals than the state contracts.
b. Certain contractors will be recommended for particular purchases
and state schools should use that contractor. This area probably
has the highest potential for cost savings but is fairly controversial.
c. Network management should band together to allow access to high-speed
networks.
d. Administrative systems should join collaborative groups and run
the systems from one institution.
e. Backup and disaster recovery.
f. Investigate course management systems that could be shared across
the Commonwealth, for instance the Community College system and
VCU might be able to work with Blackboard and design something.
IV. TOP IT INITIATIVES
FOR 2002-03
• AIT
AIT’s focus is on improving email, with the number one priority
being to get virus protection on all email systems. Other initiatives
include replacing the VCUCard Systems, server management, network
improvements, directory services, disaster recovery and telephony
• AT
AT’s strategic initiatives include enhancing the Student Computer
Initiative; providing high quality support to the VCU web; enhancing
Blackboard as the course management software of choice at VCU; operating
and maintaining a centralized server to support academic pursuits;
providing a centralized computer help desk; providing access to
high-end technology in all centrally-controlled classrooms and computer
laboratories; providing research computing support for faculty and
students; investigating and pioneering the use of technologies for
the effective delivery of education content in traditional classes,
online classes and in distance education; development of a prototype
VCU Portal; and collaborating with AIT to develop an enterprise
directory.
• Libraries
Due to lack of time, Dr. Ulmschneider will discuss the Libraries’
initiatives at the next UITAC meeting.
V. TEACH ACT
The Teach Act will be discussed at the next meeting.
A comment was made at the beginning of the meeting
regarding the UITAC Annual Report. Mr. Willis stated that it had
NOT been taken to the vice presidents yet. Mr. Timmreck believes
the proposed increase in membership will cause the committee to
be too large and unmanageable, although he did think it was a good
idea to have representatives from the faculty and staff senates
on the committee.
After discussion, the members came to the conclusion
that the committee had been an effective forum in working on policy
(Computer Use Policy, Enforcement Procedures, Email Guide, Patriot
Act, etc.). They determined that the committee needs some way to
drive structural change. Mr. Willis, Dr. Self and Mr. Ulmschneider
know what other institutions look at and should bring some comparative
data to the next UITAC meeting for discussion. The committee will
then be able to make a recommendation as to how to proceed and can
present it to the Provost, Mr. Timmreck and Dr. Kontos.
There being no further business, the meeting adjourned
at 4:45 pm |
