ITAC Minutes and Agenda for October 26, 2023


Allen Building Boardroom



4:00 - 4:05pm: Announcements (5 minutes)


4:02 meeting called to order by Victoria Szabo. No Announcements at this time.



4:05 - 4:25pm: Effects on Duke Admission Process with latest SCOTUS decision - Duke University Council Office (10-minute discussion, 10 minutes Q&A)


What it is: As you are likely aware, the Supreme Court recently restricted the use of affirmative action in college admissions. Chris Lott, Deputy General Counsel at Duke, will attend to discuss the implications of this decision on our admissions processes, with some attention to appropriate data gathering and management going forward.  Many external groups seek to leverage this decision to apply to processes well beyond admissions, we will pick his brain on these as well.


Why it’s relevant: The implications of the SCOTUS decision are far-ranging; making sure Duke makes appropriate technology and data management solutions available to support appropriate use of data moving forward will put Duke in a better position to adjust to the new reality.


Victoria Szabo introduced Chris Lott, who is the Deputy General Counsel.


Chris Lott discussed the implications of the recent Supreme Court decision on affirmative action.  He provided a general overview of the decision and highlighted areas that might be relevant to ITAC.  A number of committee members had questions for Mr. Lott, including on the appropriate management of data in the wake of the decision, what data reviewers can see during the admission process, and data privacy protocols and practices. 


4:25 – 5:10pm: Scary ITAC – Nick Tripp (30-minute presentation, 15 minutes Q&A)


What it is: For the 2023 edition of Scary ITAC, the IT Security Office will present details on a previously undisclosed security incident at Duke. 


Why it’s relevant: In light of the recent security incident at the University of Michigan, the IT Security Office would like to examine the details of a real attack in the Duke network environment. We will illustrate why even small gaps are sufficient to cause big issues. 


Nick Tripp presented the lessons of a realistic attack simulation, which were identified in the course of a recent Information Technology Security Office Purple Team exercise. Purple Team exercises allow organizations to actively test their existing cyber defenses and include both a Red Team (attackers) and Blue Team (defenders). In the purple team exercise, the Red and Blue teams are more closely coordinated to share information that can help to better identify and address blindspots or weaknesses.


Victoria called the session to an end at 5:18pm.