EDUCATIONAL TECHNOLOGY ADVISORY
COMMITTEE
ATTENDEES: David
Gillett, Duncan Graham, Beth Grobman, Scott Heffner, Stan Judkins, Judy
Mowrey, Fred Sherman, Alex Swanner, Tim Woods
GUESTS: Lesley Noone,Sharon
Luciw, Chien Shih
Convened: 12:45pm
1. APPROVAL OF THE MINUTES (Fred)
· Minutes
will stand approved as posted
2. GENERAL NEWS (ALL)
· Beth was happy to be a part of the survey, sent
out by Bob Barr, asking what she would like to see in the new system that
is replacing MAUI
3. HARDWARE/SOFTWARE STANDARDS (Sharon)
· Apple laptop speed went up and the price went down
· Change
to the individual printer model
· Big
discussion about Meeting Maker & the Leopard operating system and how
they don’t play nice together
ETS is looking at the appropriate options
that will impact the district and the ETS staff the least
No suggested path yet, still researching
options, cost and time line
· Duncan
inquired about adding a third layer to the standards to accommodate such
groups as the Math My Way program
Laptop requirements for this program are
far below the district standards and considerable less expensive
According to Sharon if computers are refreshed
at twice the rate of the standard computers, you loose savings in staff
time
Can looked at as an option – computers
for labs are considered on a one-on-one basis
Fred suggested that Duncan collect all his
information and make a presentation at the next Hardware/Software Standards
Committee meeting – Sharon will invite him to the next meeting
· The
district standards can be found online
4. SPAM FILTER UPDATE (Chien)
· Going to implement, within Central Services, the Abaca
spam filter starting April 25th
Will do testing for approximately one month, gather
feedback, do an analysis on the results, followed by one more month of
testing
· June 30th is the planned date to go live
for the remainder of the district
5. ENCRYPTION BETA TESTING UPDATE (Sharon)
· No new update
· Will
try to have an update by the June ETAC meeting
6.SECURITY PROCEDURES (Fred)
A.
Where Do We Go From Here?
· Fred
went through the document to highlight where changes had been made
The first area of change was to the definitions
in section B. Directory Information (FERPA Definition): (p1)
Took the language, in the first version,
straight out of the FERPA bill– not the most user-friendly language – so
tried to clean it up a little and make it clearer
E. Computer-Based Information System: (p2) – tried
to clean up the first version since it was so confusing
I. Control Records: (p2) – first version
was confusing so removed some text as well as added some text
Records that talk about how a computer based
information system, that contains personal information (this does not include
every computing system that we have), gets identified technically on the
network
Responsibilities A. Lead College Authority
Has Oversight Responsibility To: (p2 – p3)
Made some significant changes to this area
Tried to simplify and reduce the tasks that
the Lead College Authority has to do, still keeping the control at the
college level and not trying to centralize it
Since Jeanine had some concerns about this
area and she is not present at this meeting, Fred will call her to go over
the changes that have been made
Her concerns were that this was too onerous
and it put too much responsibility on someone at the college to perform
Last bullet – would be good to reference
the law that pertains to the time frame in which notification needs
to be done
B. The
System Manager Has Responsibility To: (p3)
Describes what the system managers responsibilities
are – someone on the technical end of managing a computer based
information system
May not be all systems at the college – but
those that contain personal information
Incident Response Process (p3) – the
process that you follow when information has come to someone’s attention
that a breach of personal information has occurred on one of our district
owned assets, i.e.:
Could be someone configured a server in the
wrong fashion and someone was able to get into the Internet
Could be someone lost a thumb drive that
had personal information on it
· Duncan ask if the procedures covered laptops that individuals
are using
Covers them if they are keeping personal
information on them
Since there is a board policy that covers
the use of computers, it should be referenced in this document – should
be included in D. All Employees Have Responsibilities To
· Tim
ask if we track all system Mac addresses, so if a laptop gets stolen we
can ban that Mac address from the network, or do we have a need to, based
upon the configuration of the network?
Sharon didn’t think that we did, but she
would ask John Vandercook
Need to look into a good monitoring tool
to help discover all assets out on out network, including Mac addresses
· Scott
ask what happens over the weekend
Should contact the district police, because
they know how to get a hold of ETS
There will be language inserted into the
document to cove this issue
· Scott
mentioned that there are security devices that can be added to a laptop
to enable tracking
This would add a considerable amount to the
cost of a laptop and the monitoring service is not cheap
More sophisticated systems use a GPS, which
costs even more
Need to think more about the data as being
the asset verses the actual physical device
– and what are we doing to prevent the theft of that data?
This can be done through encryption
· Scott ask if we shouldn’t also protect the employee
ID # in the same manner as a students ID #
The law says you must notify individuals
if any of the following areas have been disclosed:
Social security number
Driver’s license number
Financial account or credit card number in combination
with any password that would permit access to the individual's financial
account
Medical information
FERPA (which goes under the student area)
has all of the above stuff including the personal identifier, simply says
you must protect this information. There is nothing in law that Fred could
find that says you must notify the students that this information has been
inadvertently disclosed
Currently writing these procedures for the
district, it will reflect things that are in the law that we must follow,
and we can choose to add additional restrictions
Currently have to protect personal information
of students but we don’t have to disclose it
Scott brought up the issue of also protecting
the employee personal identification number
Currently we are not going to notify students
if their information as listed in the second bullet in this section is
disclosed
We are not going to identify employees at
all if their employee Id # is disclosed nor is there anything is this document
that says anything about safeguarding it, but can be added
If any employee is also a student, their
Id # is the same
Need to differentiate between protected and
notified
· F.
Notify Individuals Whose Personal Information Has Been Compromised: (p4-5)
most of this information comes straight out of the legal requirement to
notify people
· The
last part of the document is a set of references (p6) and another area
topic that talks about what we might cover in best practice documents and
then examples of the areas in which the colleges have responsibility for,
which goes back to the discussion with regard to the lead college authority
· Last
two items would probably not appear in the document but are put in for
clarification while going through the discussion
· Fred
will make all changes to the document and bring it back to the committee
for a final review
The hope is to ratify the document at the
next ETAC meeting and then go through the other processes to get this put
into policy
7. FUTURE AGENDA ITEMS (ALL)
· None
were brought up
· If
you think of an item before the next meeting, contact Fred or Pam Eberhardt
by e-mail
8. ADJOURNMENT
· Adjourned:
1:55 pm
Next Meeting: Wednesday, May 21, 2008, 12:30 – 2:00, via video
conferencing
|
