IT Governance

Information Security Committee Minutes - April 2009

April 9, 2009

Present: C. Tianen, Chair; P. Berlin, J. Claudio, A. Dobson, T. Ferris, V. Terra Hodge, H. Kahn, C. Orsine, L. Poirier, T. Poon, H. Schmidt, E. Terrazas

Absent: M. Day, R. Duca, B. Flynn, J. Fritz, A. Saggio, R. Slaughter, D. Yano-Fong

Staff: J. Evind, T. Maxwell, S. Schluntz

The March 2009 minutes were approved.

The hardware for the PGP implementation is in place and documentation is underway for a pilot. The pilot is being rescheduled for Q4 of 2009 to allow the release of the Pointsec Mac OS X client in Q3. EIS will work with SOM ISU to prepare and test the new Mac OS X client for release to the UCSF campus.

There has been low response to EIS’s Pointsec encryption service. Fewer than 200 clients have been installed on campus, although SOM has purchased some licenses. Members were asked to influence their schools or departments about the necessity for encryption.

The increase in malicious code tickets is due to awareness of the Conficker worm. However, since many departments took proactive measures to continuously protect their systems, Conficker had a minimal impact on the UCSF campus network. The Medical Center is also back to normal.

EIS is increasing education about iPhone security. iPhones cannot be protected because Apple does not allow background applications on the device. EIS recommends that all departments enforce the use of the Exchange mode instead of POP/IMAP. Users are also being educated on legislation regarding personal responsibility for securing confidential data.

Any efforts to limit protocols on the network would require campus policy; such an issue could be brought to the to-be-formed security governance committee.

The CIO Group is reviewing the charge, membership, terms, and work of each of its subcommittees. Carl, Lynn Poirier, and Tom Ferris will go before the CIO Group on April 16th to update them on the accomplishments and status of the ISC.

ISC members reviewed and suggested changes to the CIO presentation including focusing on the need for executive leadership for data security. Members were asked to forward any further comments by Monday, April 13.

In response to an MCA to update the current Wireless Networking Standards, members reviewed and commented on a draft version of the update. Member changes will be incorporated, and members will have until May 1st to submit additional changes. The final standard will be reviewed at the May 14th meeting for publishing by June 1st.

EIS is creating a Threats and Vulnerabilities checklist for Deans and Vice Chancellors to use as an awareness and training tool for their schools and departments in an effort to help users change their behavior.

The IS-3 is being revised in response to the new stimulus package. Institutions that deal with health information will be subject to stricter consequences for loss. The Privacy Office and Jocelyn Nakashige in FAS have been working to educate the campus community about the Red Flag Rule, which goes into effect May 1, and to draft policy for it.

Departments may develop more specific guidelines as necessary to address their individual needs.
