Meeting Minutes for
February 10, 2003
A meeting of the University Information Technology
Advisory Committee was called to order at 3:05 p.m. on February
10, 2003, in the Dean’s conference room at the Lyons Building
on the MCV Campus. Dr. David Sarrett, co-chair, presided. Members
present were Dr. Timothy Broderick, Dr. Lynn Nelson, Ms. Fran Smith,
Dr. James Shultz, Ms. Veronica Shuford, Dr. Phyllis Self, Mr. John
Ulmschneider, and Mr. Mark Willis. Dr. Robert Mattauch and Mr. Carl
Gattuso were absent.
I. REVIEW AND APPROVAL OF MINUTES FROM JANUARY 13, 2003
Minutes were approved as prepared.
A presentation had been given at the January 13th UITAC meeting
regarding accessible media in higher education. It was mentioned
at that meeting that WebAim (Web Accessibility in Mind) would be
happy to come to VCU and give a presentation about the subject.
The committee held a short discussion about WebAim giving a presentation
and finding ways to help defray the cost of it ($800 per day for
a two-person training team). A suggestion was made that we try to
find groups who might be willing to co-sponsor such an event if
the University decides to host one.
II. TEACH ACT
The TEACH Act was signed into law by President Bush on November
2, 2002. This law redefines the terms and conditions on which accredited,
nonprofit educational institutions throughout the U.S. may use copyright
protected materials in distance education - including on websites
and by other digital means – without permission from the copyright
owner and without payment of royalties. In order to meet the rigorous
requirements of the new law and enjoy its advantages, each institution
will need to undertake numerous procedures and involve the active
participation of many individuals. The committee agreed that the
University has to make some decisions on what to do.
At present, VCU does not have a University-wide policy on copyright.
After some discussion by the committee, Mr. Ulmschneider suggested
that the co-chairs should issue a recommendation to establish a
task force to create a University-wide copyright policy to guide
our compliance with the Teach Act recently passed. A motion to that
effect was made and seconded. It passed unanimously.
The UITAC committee would not create the policy but only make a
suggestion that it be done. Recommendations will be sent to the
provost and vice presidents.
Mr. Ulmschneider stated that NC State University Libraries has
an excellent TEACH Website with short summaries and guidelines about
TEACH. He will email the location of the site to committee members
so they can learn more about the TEACH act and its implications
without the burden of reading a long report.
III. COUNCIL OF PRESIDENTS REVIEW OF HIGHER EDUCATION IT PLAN
Mr. Willis brought everyone up to date on the status of the Higher
Education IT Strategic Plan. On January 27, the Council of Presidents
reviewed the plan and endorsed it. It will now be submitted to others.
Governor Warner told the presidents that higher ed was not funded
sufficiently and that he would try to improve that by finding more
money for them. The Secretary of Technology has been critical of
agencies running their own systems email packages, etc. There needs
to be more collaboration and probably one administrative system
for everyone. This is the path we’re moving towards in the
years to come. If people buy into the concept, it will definitely
IV. SQL SLAMMER SECURITY BREECH
About two weeks ago, the “SQL Slammer Worm” infected
computers. It started at 12:30 am on a Saturday morning and spread
throughout the world in about 15 minutes. The attack was sent from
computer to computer running SQL and infected the machine but didn’t
do anything malicious. The “worm” infected about a dozen
machines (all servers) at VCU. Staff was called in because of some
bizarre network activity going on and found out what was happening.
Following are some of the recommendations being considered to help
with this in the future:
1. Create a server registry - something we don’t currently
have. This would be a significant change in policy.
2. Change the way we manage Firewalls.
3. Build a DMZ (a network area “between” two firewalls
that is designed to support hosts that need to be seen from the
Internet) and place all Internet facing machines in the DMZ. There
would be significant changes in the network. Mr. Willis will have
to discuss this further with the network people
Mark will send the server registry proposal to the committee and
the server administrative list with a request for comments. It can
be voted on at the next UITAC meeting.
V. INFORMATION SECURITY ACTIVITIES
Clyde Laushey distributed a copy of a “Computer Abuse and
Security Incident Reporting Form” that he drafted. On the
web, there is a reporting form that anyone can fill out if they
think a security threat has occurred. We do not currently have a
structural procedure for investigating security threats. The investigation
procedure and reporting mechanisms need to be defined. The following
items arose from committee discussion:
1. The form needs to be consistent with the policy, etc.
2. Should name, phone, email be given or should it be anonymous?
“Name” should probably be mandatory and the others optional.
3. Title of the form should be looked at – maybe changed
4. What about severity? Should a button be added about severity
level – low, medium, high??
5. Should “abuse” be used?
6. Should there be multiple response mechanisms (police called and
form completed also)
Everyone will need to use the form to initiate an investigation
so there will be a record of the incident. It will be put into a
database and will be ongoing as the investigation progresses. This
is going to require education and communication. The form should
be used to report something suspicious on your computer as well
as to report something you might observe being done by someone else.
Serious offenses such as child porn or a terror threat should be
reported to the VCU police.
VI. NETWORK MANAGEMENT PROPOSALS
Internet Email Management
A policy is being proposed regarding email servers. Spam is being
bounced off of our servers, making it look as if it is coming from
a VCU computer. The policy would require departments to justify
why they are running their own email servers instead of using the
It was moved and seconded that it be adopted. The motion passed
unanimously. The proposed policy will be sent to Mr. Paul Timmreck,
Senior Vice President for Finance and Administration. He will decide
whether it merits further discussion by the vice presidents.
VII. NEW UITAC WEB SITE
Dr. Phyllis Self introduced the new UITAC website which was designed
by her assistant, Ms. Kari Scott. The committee was asked to look
it over and make suggestions for changes or additions.
VIII. OTHER BUSINESS
Question was asked about whether or not to cancel the March meeting
because it falls during Spring break. Most of the committee members
said they would be here at that time, so the decision was made NOT
to cancel it.
If the “server registry” item can be handled by email,
then the March meeting may be cancelled.
Dr. Sarrett suggested members may want to start thinking about
what will go in the next annual report.
We probably will be offering suggestions for changes to the computer
There being no further business, the meeting adjourned at 4:45