Duke ITAC - March 18, 2004 Minutes

DUKE ITAC - March 18, 2004 Minutes


March 18, 2004

Members present: John Board, Paul Conway, Dick Danner represented by Ken Hirsh, David Jamieson-Drake represented by Bob Newlin, Angel Dronsfield, Nevin Fouts, Tracy Futhey, Michael Gettes, David Jarmul, Kyle Johnson, Roger Loyd, Greg McCarthy, Melissa Mills, Lynne O’Brien represented by Jim Coble, George Oberlander, Mike Pickett,Rafael Rodriguez, Molly Tamarkin

Guests present: Major Parker (Duke Police); Major Sarah Minnis (Duke Police), Shawn Flaugher (Duke Police), Chris Cramer (OIT), Phil Lemmons, Cheryl Crupi (OIT), Jen Vizas (OIT)

I. Review of minutes and announcements

Happy Birthday to Mike Pickett

Status of e-mail migration. Michael Gettes explained that they continue to be stalled in terms of doing the last third of the migration. Have good ideas and taking active steps to deal with the situation. Expect in next week or so to continue with migration. The email systems remains stable and have not experienced additional problems since the delay 2-3 weeks ago. He explained that they won’t move forward unless 100% sure. It is good to have paranoid people involved in the project.

Senior registration planning. Mike Pickett explained that this is the time when [we] start thinking about senior registration for fall term. Chris Meyer has put together a strong battle plan for the program. Things seem to be going rather nicely. In preparation for the Big Day (Friday 3/26) students are currently adding items into their "book bag."

II. Cellular RFP - criteria, process, timeline, Presented by Angel Dronsfield

Angel explains that in January the cellular RFP was sent to eight vendors. Seven responded and the eighth explained that they do not provide voice services in our area. Currently going through the review process, analyzing a number of areas such as international service, pbx integration, price, etc. There is a wide variety of constituents needs that we are keeping in mind. The next step is to bring in the responders [vendors] for face to face discussions. They are coming in next week “in mass.” We are inviting anyone who can answer questions and make commitments. The review team has been expanded to include Nevin Fouts and Kyle Johnson. We initially interviewed constituents to assess their needs. We are now trying to get rank order of categories get an understanding of level of importance. The information will be used as a key factor in how we decide to make recommendations. Goal promote advertise explain advertise offerings mid of april. Know what plans are before leave for summer.

Kyle Johnson asked if there is a specific length of contract that they are looking for? Angel explained that they did not specify a specific length of contract. However, we did ask if there are any term commitments required to get special prices offering – such as, numbers of phones, signing up for specific service etc., that would affect the overall pricing.

The request was made that in the future it would be helpful if the negotiations of this type of contract would coincide with the budget planning cycle. Some departments will need to scramble to pay for new services.

III. Content Management System update, Presented by Cheryl Crupi

Chery Crupi explained that the project objectives were to 1) develop an enterprise CMS solution that would facilitate sharing content across the University 2) to design and test the functionality of the system by running two acceptance test projects and two pilots and 3) to deploy the CMS for general availability by the end of May. The two acceptance testing sites are Duke News & Communications and Fuqua. The two pilots are the Perkins Library’s site and portions of the HR site. They were selected due to the opportunity for syndication of content.

Molly Tamarkin asked about the user interface and who did they envision the users to be?

Cheryl explained that there are many different levels of users and multiple interfaces – content author, editor, and publisher (content writer). The website creator and editor role – has the ability to create sites, set up structure, create templates, identify slots where the information will go. The administrator role has override control.

David Jarmel commented that there is tremendous excitement among news offices and communications types about this project. They have been waiting for this for some time now. There have been discussions on how to work with deans and others to make most of this tool. Optimistic that it will come together.

George Oberlander asked if Cheryl could go into more detail about the intended roll-out to a wider audience. Cheryl commented that they are really at the beginning stages and have been focused on user needs. She went on to explain that communicating the general availability and rollout are the biggest risks right now and that this is an area that they need to focus. Tracy Futhey asked that if anyone has ideas on effective ways to communicate this to please let Cheryl know. David Jarmul explained that it is important that the deans understand how to take advantage of the CMS and what it offers them – that it won’t depend upon the developers. Cheryl commented that they need good case studies/examples to demonstrate how the system can be used effectively.

Nevin Fouts had two comments about Fuqua participating in the acceptance testing. He is very interested in testing the usability by faculty and how easy the user interface is. Also, he is interested in seeing how the toolset appears to the user when using an authoring kit like Dreamweaver.

Kyle Johnson mentioned that Student Affairs will hopefully be the 1st group to go live after the pilot – the goal is to get all content in place for the fall.

IV. Large public video displays exploration, Presented by Mike Pickett

Mike Pickett explained that they he held a meeting a few weeks ago to discuss large public video displays. Had a large turnout and was surprised how many departments are currently doing this. In general what was learned during the discussion was that plasma screens were the preferred display but experiencing burn-in problems. Events Management’s plasma display in the Bryan Center experienced burn-in – luckily it was within the warranty period. LCDs seem like the way to go – they cost more however, prices are dropping and there are no problems with burn-in.

Fuqua is using public displays, Pratt is in the process of putting up 2 displays, Computer Store is installing a display, and the Law School has one in use. A large number of groups are using PowerPoint as the tool to display information. Some are attaching a computer directly to the display others are attached to the network with remote hookup. How to get content on the public displays was a topic of interest for further discussion. Other topics of interest included who would have rights to add content, and how to secure the content from getting hacked. Fuqua and Pratt had a process in place to submit content via the network, and the information would be displayed automatically. Pratt seems to have the more sophisticated application – not totally up yet. Those in attendance were interested in seeing what Pratt and Fuqua were doing.

A concern noted by the group was what would happen when and if someone hacked in and broadcasted information all over campus on the large displays. Next steps is to have interested parties tour those space with large video displays, look at how the groups post content, and to see if Jim Rigney could get good prices.

V. Securing IT devices and peripherals, Presented by Jen Vizas

In December the topic of securing computing devices came up in the OIT Extended Staff Meeting. As a result Mike asked the Academic Technology Planning Committee (Molly Tamarkin, Lynne O’Brien, Mike Baptiste, Roger Loyd, Melissa Mills, Jen Vizas and Tim Searles) to discuss the topic further and come up with a requirements document.

Over the past several years, most IT organization have experienced thefts or attempted thefts. The individuals taking the equipment are becoming more brazen. The thefts have occurred both in publicly accessible spaces as well as private offices – there have been attempts to remove ceiling mounted data projectors out of classrooms; laptops have been taken out of offices; a full-size desktop computer and flat panel display were stolen from the stacks of the library; and there have been a number of attempts to steal computers from computer labs.

There is a high level of expectation that technology will be available in teaching facilities (classrooms, auditoriums, seminar rooms, ICCs), and public spaces (lobbies, hallways, computer labs). How do [we] provide this computing equipment, at the level of access desired, in a way that deters theft?

A number of questions and issues were raised during the discussion, they include:

  • What level of security do [we] expect the university to provide?
  • Who should set the standards for the security of university owned equipment – should it be the individual departments or Duke Police?
  • What level of security should be provided centrally versus departmentally? We felt that it would be a mistake if we have everybody going and doing their own thing.
  • What is cost of doing business or what level of theft we expect to occur?
  • What protection should [we] provide for student's and others' personal computing equipment?

The group felt that the principles (or philosophy) that we should employ in coming up with a requirements document solutions/plans include:

  1. Balance security risk vs. cost of security.
  2. Include appropriate technical staff in review of potential solutions to ensure selected technologies are state-of-the-art and cost-effective.
  3. Involve clients (focus groups) to understand their needs and get a sense of what level of marginal cost is worth investing for the associated increase in security.
  4. That the approach must be multifaceted and flexible – there is no single system/security measure that will work for everyone.
  5. Security should not be a money making service – obstacles must be removed.
  6. There should be incentives to encourage departments to "buy-in" to the security systems available rather then going off and doing their own thing.
  7. Balance privacy with security
  8. Aesthetics

The group came up with an initial set of recommendations. However, the group will be reconvened – invite Duke Police and Duke Card as well as anyone here who would like to join in the discussions. Goal of the group will be to develop a requirements document and a set of comprehensive recommendations.

Ralfael Rodrigez asked if there was any discussion about protecting data once the equipment is stolen? He explained that the cost of the equipment may not be as valuable or costly to the institution as the cost of the data.

Mike Picked asked if the cost is absorbed by the individual unit when something is stolen. Someone explained that there is a $5,000 deductible. Melissa Mills mentioned that there seems to be a disincentive to secure devices – they must pay for security plus securing the device. Molly Tamarkin commented that there are trends to what is stolen and said that she would be interested in receiving communications about thefts. She went on to explain that when they installed the plasma display and was deciding upon securing the device she didn’t think to ask the police. It would be nice if there was a designated contact. Major Sarah Minnis, from Duke Police, explained that Shawn Flaugher should be the contact. Shawn is the crime prevention and security project manager. She went on to explain that this area of security falls s under Major Parker.

Shawn explained that he would be more than happy to attend regular meeting on the topic, listen to concerns and/or specific problems. He went on to explain that he conducts security audits/surveys for departments and give recommendations. Tracy Futhey mentioned that this is very valuable information and that we may want to discuss this in a broader session – possibly get together every couple of months. Mike Pickett asked if this should be a monthly or a quarterly meeting? Kyle Johnson expressed that he thought this was a project that could ramp down – start aggressive and ramp down. Roger Loyd explained that the police news mailing list is a big help – provides a wealth of information.

Melissa Mills commented that Bob Thompson stopped putting readers on the classrooms. A large portion of the budget is spent on monthly charges. She asked if we could look at it from a big picture – what do we want to do, how much cost, appropriate cost for the benefit.

Michael Gettes explained that this is not just a financial issue. Need to look at how it is used and abused, it is not meant as a panacea to solve our problems. Melissa Mills explained that she knows it’s not going to solve all the problem. But how do we secure facilities and make available in appropriate ways. Major Minnis explained that the Duke Police would like to be a part of the discussion and to be honest they don’t like the card readers. They would really like to look at other solutions – in looking at the numbers there have been 15k responses at 15 min per officer adds up to 10 hours/day. Many of the alerts are because doors are ajar – nothing is stolen or missing. Shawn Flaugher explained that a lot of what they do is look at traffic patterns, provide an overall analysis.

Mike Pickett wrapped up the discussion and said that he will be sending out a message to the clac list and pull together a meeting to discuss the topic further.

VI. Draft telecommuting policy-IT issues discussion, Presented by Mike Pickett

Mike Pickett reminded everyone that this is a draft policy. He explained that he would like their input from the point of view of the impact on the IT groups. He opened up the discussion and asked if there were any comments/thoughts. Tracy Futhey commented that this policy is not a blanket statement that everyone can telecommute. Molly Tamarkin explained that she felt the policy was really well done.

Mike Pickett asked how many of you have supervised employees asked to work at home. Chris Cramer commented that he sees there are two issues to consider: 1) how the policy impacts us as IT support staff supporting people at home and 2) how it impacts us as people who work from home. George Oberlander explained that he is a big fan of telecommuting but is concerned about implications of providing support at home – what is the cost of providing this service. What happens if we go into someone’s home and something is stolen – his staff is not bonded. Asking support people to go into homes could be a legal issue. Someone explained that it could be problematic to load Duke software on someone’s personal system. Ken Hirsh explained that in providing support at home they help serve as advisors. He explained that working from home is optional and not mandatory and must be approved by a manager. If the manager doesn’t think it is appropriate then their decision is not grievable. His role is to advise the dean or department head. Kyle Johnson asked if it would be of value to get small group together and put together a document about best practices that groups could build upon. So departments don’t have to come up with on their own. Chris Cramer explained that if would be helpful that references a list of current requirements, technical issues, best practices, etc.

Chris Cramer asked if there is any value gained from looking at what information that should or should not be worked at from home. Rafael Rodriquez explained that they faced the same issue before computers – people carry confidential information around both paper and electronic. Chris Cramer asked if it would make sense to categorize information based on what people could work on or not work on from home. Kyle Johnson explained that he felt that was a management decision. Ken Hirsh explained that what we are discussing is implementation, this is covered in the confidentiality agreement. Mike Pickett suggested that there would be value in putting together a best practices document. Someone asked if the issues need to be resolved from IT perspective before the policy goes live? Molly Tamarkin explained that under the confidentiality and security section there needs to be a specific reference listing IT security. Paul Conway mentioned that making a reference would be great but the manager is responsible.

Mike Pickett explained that he wanted to clarify what he heard. While we do believe a best practices document / guidelines are needed the policy doesn’t need to be changed. There needs to be education about the policy and the implications. He asked if anyone has any suggestions for changes to the policy to let him know.