UITAC Home

Meeting Minutes

Meeting Minutes for February 10, 2003

A meeting of the University Information Technology Advisory Committee was called to order at 3:05 p.m. on February 10, 2003, in the Dean’s conference room at the Lyons Building on the MCV Campus. Dr. David Sarrett, co-chair, presided. Members present were Dr. Timothy Broderick, Dr. Lynn Nelson, Ms. Fran Smith, Dr. James Shultz, Ms. Veronica Shuford, Dr. Phyllis Self, Mr. John Ulmschneider, and Mr. Mark Willis. Dr. Robert Mattauch and Mr. Carl Gattuso were absent.

I. REVIEW AND APPROVAL OF MINUTES FROM JANUARY 13, 2003

Minutes were approved as prepared.

A presentation had been given at the January 13th UITAC meeting regarding accessible media in higher education. It was mentioned at that meeting that WebAim (Web Accessibility in Mind) would be happy to come to VCU and give a presentation about the subject. The committee held a short discussion about WebAim giving a presentation and finding ways to help defray the cost of it ($800 per day for a two-person training team). A suggestion was made that we try to find groups who might be willing to co-sponsor such an event if the University decides to host one.

II. TEACH ACT

The TEACH Act was signed into law by President Bush on November 2, 2002. This law redefines the terms and conditions on which accredited, nonprofit educational institutions throughout the U.S. may use copyright protected materials in distance education - including on websites and by other digital means – without permission from the copyright owner and without payment of royalties. In order to meet the rigorous requirements of the new law and enjoy its advantages, each institution will need to undertake numerous procedures and involve the active participation of many individuals. The committee agreed that the University has to make some decisions on what to do.

At present, VCU does not have a University-wide policy on copyright. After some discussion by the committee, Mr. Ulmschneider suggested that the co-chairs should issue a recommendation to establish a task force to create a University-wide copyright policy to guide our compliance with the Teach Act recently passed. A motion to that effect was made and seconded. It passed unanimously.

The UITAC committee would not create the policy but only make a suggestion that it be done. Recommendations will be sent to the provost and vice presidents.

Mr. Ulmschneider stated that NC State University Libraries has an excellent TEACH Website with short summaries and guidelines about TEACH. He will email the location of the site to committee members so they can learn more about the TEACH act and its implications without the burden of reading a long report.

III. COUNCIL OF PRESIDENTS REVIEW OF HIGHER EDUCATION IT PLAN

Mr. Willis brought everyone up to date on the status of the Higher Education IT Strategic Plan. On January 27, the Council of Presidents reviewed the plan and endorsed it. It will now be submitted to others. Governor Warner told the presidents that higher ed was not funded sufficiently and that he would try to improve that by finding more money for them. The Secretary of Technology has been critical of agencies running their own systems email packages, etc. There needs to be more collaboration and probably one administrative system for everyone. This is the path we’re moving towards in the years to come. If people buy into the concept, it will definitely save money.

IV. SQL SLAMMER SECURITY BREECH

About two weeks ago, the “SQL Slammer Worm” infected computers. It started at 12:30 am on a Saturday morning and spread throughout the world in about 15 minutes. The attack was sent from computer to computer running SQL and infected the machine but didn’t do anything malicious. The “worm” infected about a dozen machines (all servers) at VCU. Staff was called in because of some bizarre network activity going on and found out what was happening.

Following are some of the recommendations being considered to help with this in the future:
1. Create a server registry - something we don’t currently have. This would be a significant change in policy.
2. Change the way we manage Firewalls.
3. Build a DMZ (a network area “between” two firewalls that is designed to support hosts that need to be seen from the Internet) and place all Internet facing machines in the DMZ. There would be significant changes in the network. Mr. Willis will have to discuss this further with the network people

Mark will send the server registry proposal to the committee and the server administrative list with a request for comments. It can be voted on at the next UITAC meeting.

V. INFORMATION SECURITY ACTIVITIES

Clyde Laushey distributed a copy of a “Computer Abuse and Security Incident Reporting Form” that he drafted. On the web, there is a reporting form that anyone can fill out if they think a security threat has occurred. We do not currently have a structural procedure for investigating security threats. The investigation procedure and reporting mechanisms need to be defined. The following items arose from committee discussion:

1. The form needs to be consistent with the policy, etc.
2. Should name, phone, email be given or should it be anonymous? “Name” should probably be mandatory and the others optional.
3. Title of the form should be looked at – maybe changed
4. What about severity? Should a button be added about severity level – low, medium, high??
5. Should “abuse” be used?
6. Should there be multiple response mechanisms (police called and form completed also)

Everyone will need to use the form to initiate an investigation so there will be a record of the incident. It will be put into a database and will be ongoing as the investigation progresses. This is going to require education and communication. The form should be used to report something suspicious on your computer as well as to report something you might observe being done by someone else. Serious offenses such as child porn or a terror threat should be reported to the VCU police.

VI. NETWORK MANAGEMENT PROPOSALS

Internet Email Management
A policy is being proposed regarding email servers. Spam is being bounced off of our servers, making it look as if it is coming from a VCU computer. The policy would require departments to justify why they are running their own email servers instead of using the central one.

It was moved and seconded that it be adopted. The motion passed unanimously. The proposed policy will be sent to Mr. Paul Timmreck, Senior Vice President for Finance and Administration. He will decide whether it merits further discussion by the vice presidents.

VII. NEW UITAC WEB SITE

Dr. Phyllis Self introduced the new UITAC website which was designed by her assistant, Ms. Kari Scott. The committee was asked to look it over and make suggestions for changes or additions.

VIII. OTHER BUSINESS

Question was asked about whether or not to cancel the March meeting because it falls during Spring break. Most of the committee members said they would be here at that time, so the decision was made NOT to cancel it.
If the “server registry” item can be handled by email, then the March meeting may be cancelled.

Dr. Sarrett suggested members may want to start thinking about what will go in the next annual report.

We probably will be offering suggestions for changes to the computer use policy.

There being no further business, the meeting adjourned at 4:45 pm