
  ETAC Committee

November 21, 2007 Minutes

 

EDUCATIONAL TECHNOLOGY ADVISORY COMMITTEE

11/21/2007, 12:30-2:00 pm

ATTENDEES: Beth Grobman, Jeanine Hawk, Scott Heffner, Mike Murphy, Jerry Rosenberg, Fred Sherman

GUESTS: Chien Shih

Convened: 12:38pm

1. APPROVAL OF THE MINUTES (Fred)

· Will approve minutes from October 17th, 2007 and November 21st, 2007 at the next ETAC meeting

2. GENERAL NEWS (ALL)

· All vendor demonstrations for EIS are over
· The question was raised about the start time for ETAC meetings

Because of the Round Table meetings on the FH campus, Mike would like the start time moved to noon
An e-mail will be sent out to all ETAC members to determine if the start time for ETAC can be moved back a half hour to 12:00 noon

· There was a discussion over the December 19th ETAC meeting

An e-mail will be sent out to determine if enough committee members can meet during finals week December 10th – 14th

3. EIS UPDATE (Chien)

· EIS vendor demos are complete; have nearly completed the vendor reference check; and have completed the site visits

Short one reference check due to the lack of willingness of San Diego CCD to talk to us

During the last steering committee meeting, decided to use San Diego as a one-on-one reference check, not as the full committee reference check, because they are not comfortable speaking to the committee as a whole
Decided to choose a different reference site for Datatel

· Both vendors asked for an extension of time for submittal of their documents, from November 29th (final cut-off response time) to early December

Several committee members raised the issue that, based on the schedule and the delay of the best and final pricing, the board should be asked for an extension, from January to February, for their approval

Fred has already okayed the extension of the schedule

4. SECURITY POLICY (Fred)

· At the last meeting, the committee decided that ETS should develop a fundamental policy that ETAC could work with

Fred brought a packet that was handed out to the committee members to give them an idea of what might go into a security policy
First two pages had to do with an FTC requirement for putting together an information security plan, which was supposed to be in place by May 23rd, 2003

No evidence that it has been put in place on the campuses

Pages B1 – B3 are an example of Mt SAC’s Information Security Program
Pages C1 – C4 are a slightly modified version of UC Berkeley’s security procedures
Pages D1 – D4 are Mt SAC’s Acceptable Use Agreement Personal Computer & Network Security Procedures – covers the type of subjects that need to be talked about
Pages E1 – E3 are an evolving Information Security Best Practices from FHDA
This information is more than what is needed by the district

The outstanding regulation that we are most concerned with is the Breach Law (page E2) – which states that if you have an unintended breach of your system, you must notify all individuals whose personal information might have been compromised
Scott wanted to know how you can go from best practices to policy
Chien suggested that if the Berkeley security procedures are used, operational procedures should be separated from the policy

Fred felt that it was important to include all this information, because there are a lot of systems that are not run by ETS, but by the colleges, so that there are clear instructions to them of what the expectations are if a breach should occur, and what needs to be done
With the last two breaches that the Colleges had, the individuals involved with the systems had no idea of what to do

For one of the breaches, the individual began pulling their files off the server that had been left open to the internet, which did not allow the district to know what files had been left open

This should not have been done because it makes it more difficult to perform any type of analysis to determine how the breach occurred and whether somebody broke in; a completely unaltered system is needed, especially if the FBI wants to become involved to see if a criminal act occurred

Need to condense the current information down

· Staff should back up their computers, but there are associated costs and personnel

Currently the district does not have the capability for staff to back up their hard drives on to a server

It is important for the district to make this a part of the infrastructure and for all employees to have the capabilities to use it

Can’t expect people to follow a policy unless they are able to implement it

As ETAC gets into the procedures, they will need to discuss how to handle them and how they will be written into the policy if the resources aren’t there

· Looking to come up with a reasonable policy that has enough resources, that doesn’t appear too ominous, but works for what the district wants it for
· ETAC needs to come up with a reasonable document and then share it with the different councils

For DA, since it is not possible to take it to all faculty for feedback, it should be taken to the DA Technology Task Force to share with the faculty and then be passed on to a college council

· ETS is planning to do a security audit that includes the following:

How data is being transported
How data is kept
How data is being distributed

· The finance department is currently going through an audit process – to determine accessibility issues and internal security

According to their timetable this has to be completed by next June to fulfill the audit

· The policy needs to be worked on separately from all the procedure issues

Without a firm policy in place, the procedures will go all over the place allowing for duplicates and holes
The policy should be a top down process
Need to get directions from a policy point of view

· FH is not really networked

Faculty are completely independent of any servers
There is no back up being done, other than thumb drives
In some cases, people don’t have a concept that back up is important

· Security policies need to be driven and agreed upon from an ETAC level
· ETAC should come up with a concept and a little bit of focus that will be used when passing the policy on

Need to do a little bit more defining conceptually, in very general terms, of what is being looked for in terms of feedback

· A security audit can provide data points to help support an integration of the policy procedure into a more fundamental level

i.e. if there is some process going on in the district to handle document destruction & ETAC wants to write a policy, can this new policy mirror the current documentation destruction procedure?

· Need to be careful that ETAC is left in a position for controlling this policy so that each group doesn’t come up with their own concept

ETAC needs to be in charge of how this policy develops, and that in turn will determine how it is set up when presented to an outside group

· After the current information is condensed down and ETAC has had a chance to look at the document, it can be posted to the web, an e-mail can follow asking for everyone to look at it, and send comments to ETAC for consideration

ETAC can look at comments and determine how to work with them

5. ID MANAGEMENT SYSTEM – INTEGRATION OPTIONS (CHIEN)

· Phase I has been completed, and a decision point has been reached on what to do in Phase II

Currently trying to identify all the ancillary systems in both colleges

Trying to figure out which one would be the most effective to start with
With the new EIS coming, there is a lot of integration to do

Makes sense to integrate the IdM Phase II project into a separate project rather than folding it into the EIS implementation schedule

Looking into a couple of systems that merit consideration:

1)    STS student tracking system
2)    Touchnet
3)    E-mail & MeetingMaker

· Once we choose an EIS package, ETS will face an integration decision
· Jeanine asked about wireless

According to Chien this can operate independent of the IdM
Can authenticate within an independent LDAP directory as a separate database

This is dependent upon the progress of the wireless

The fundamental building block of IdM is in place now

Do not need the IdM at this time for wireless, but will want access control when going out to the classrooms and other areas
ETS will be putting access controls everywhere

The wireless is being done in two stages because of CALEA (Communications Assistance for Law Enforcement Act – which allows the government to wiretap our network)

Have deployed wireless in both dining areas and the libraries without access controls, because CALEA accepts these areas

These wireless spots are hooked up to the internet but not through our network

To get around CALEA, we must declare ourselves a private network

In order to do this we must control who gets on the network

This can be done with the wired part of the network

ETS’s biggest challenge right now is getting and deploying wireless broadly on both campuses for students
Have a plan in mind to put the centralized IdM in place so we have control

6. FUTURE AGENDA ITEMS (ALL)

· Capture Card/ Go Print

7. ADJOURNMENT

· Adjourned: 1:40 pm

Next Meeting: December 19, 2007, 12:30 – 2:00, via video conferencing

 
 

 

Last Updated: Tuesday, January 15, 2008 at 11:48:40 AM
©2009 Foothill-De Anza Community College District

 