Committee Meeting - June 26, 2014

Darren Bondy
Secretary to the Committee
July 10, 2014

Present:

Dave Wallace (Chair), Darren Bondy (secretary), Bruce Campbell, Marko Dumancic, Bill Ince, Dawn Keenan, Dave Kibble, Robyn Landers, Paul Miskovsky, Carl Nagel, Terry Stewart, Jason Testart

Guests:

Stephen Sempson

Regrets:

Andrea Chappell, Erick Engelke, Bob Hicks

Agenda

  • Email (Bruce Campbell)
  • Active Directory (Bruce Campbell)
  • Campus Firewall (Bruce Campbell)
  • IT Strategic Plan (Dave Kibble)
  • IT Governance (Andrea Chappell)
  1. Next CTSC Meeting

[Will be held Thursday, July 10, 2014, at 1:30 p.m., in MC 2018A.]

My Common CV demonstration (Stephen Sempson)

Stephen Sempson demonstrated an application Engineering developed called (link no longer active)

  • The Canadian Common CV (CCCV) can take up to 60 hours to complete; this application has greatly reduced the time spent to complete it.
  • This can be used by all professors at the university; it is not widely used yet.
  • Researchers can import a BibTeX file containing their publication records from Google Scholar into My3CV.
  • My3CV can automatically import the researcher’s publication records from Microsoft Academic Search and DBLP.
  • Researchers can delegate data entry and editing to a staff member.
  • It generates an XML file for import into CCCV.
  • Written in PHP; it pulls data from OFAS.
  • When it pulls in records from OFAS and you edit them, does it update/rewrite the data in OFAS?
    • Yes, it will also store the information for you, so you can log in and out while completing the forms.
  • Engineering is willing to let another group take over administrative rights and continue work on it.

Any questions regarding My3CV can be sent to my3cvcontact@engmail.uwaterloo.ca.

Chair’s Remarks

  • The last UCIST meeting before the summer break was last week; there will be one more session related to UCIST on July 4th on Infosilem. The vendor will be giving a presentation/demonstration on the product to help provide a better understanding about how it works.
  • The Terms of Reference for UCIST have been reviewed by the committee; we are in the final stages of that.
    • Met with the new Provost, Ian Orchard, yesterday to discuss the committee.

Approval of the minutes of the meeting of June 12, 2014

The minutes of the meeting held on June 12, 2014 were accepted as distributed.

Email Security (Jason Testart)

Jason Testart has been working on a roadmap for email security on campus. He distributed an introduction and executive summary to the committee.

Introduction

While there are measures in place to reduce spam and malware-borne email from landing in University of Waterloo inboxes, the configuration of University of Waterloo email servers is still fairly open compared to current standards. Furthermore, the architecture of email service is problematic for the University of Waterloo to be able to properly manage risks associated with email. This document outlines these problems and provides a roadmap for change that will help the University of Waterloo manage email security risks.

Executive Summary

There are several security threats that we face with email. These include:

  • Phishing
  • Spam
  • Departing employees that keep accounts as students/alumni
  • Malware

These threats are real, and the university has already suffered loss in reputation and productivity as a result of these issues. The current email environment needs to undergo change in order to better deal with these threats. The following initiatives are proposed in order to reduce the incidence of these threats:

  1. Email Forgery Prevention.
  2. Moving Student/Alumni email off the uwaterloo.ca domain.
  3. Reduce number of campus email servers.
  4. Adoption of SPF/DKIM for uwaterloo.ca email.
  5. Investigation of commercial email security solutions for uwaterloo.ca email.

The order of the above initiatives is important because later initiatives depend on earlier initiatives. There is no single silver-bullet solution to address the security risks of email. To be truly effective, the measures proposed in this document must be complemented by other security measures, such as security awareness, and multi-factor authentication for high-risk online transactions.

Roundtable Reporting

Science (Paul Miskovsky)

  • Continuing to work on digital signage; elected to go with the Visible product for the time being.
    • Signs will largely be around the Physics building.  

Math (Robyn Landers)

  • New associate Dean of Computing in Math, Marek Stastna.

Environment (Marko Dumancic)

  • As part of one of the Productivity and Innovation Funds (PIFs) on monitoring and reporting on space on campus, we acquired Archibus. It looks very promising and Dumancic will report back when he finds out more.

Computer Science (Bill Ince)

  • An inquiry was made about the state of the MC power generator project.
    • Campbell responded that Plant Ops put out an RFP for a 600 KVA generator.
      • Will be consulting with Plant Ops about next steps.
  • We have been hearing that there is a possibility that ONA will be replaced by a commercial product?
    • Campbell responded that Steve Bourque and his team will be looking at open source tools in this budget year.
    • There are some things that ONA can do that may not be possible in a commercial tool.
    • We will not use a commercial product this year.

Arts (Dawn Keenan)

  • We facilitated a lab exam for Accounting last week and it did not go well; we used third-party lockdown software that did not allow proper access to LEARN for the exam.
    • We are going to investigate other means to provide secure exam access with minimal proctoring.

Updates (various)

Email (Bruce Campbell)

Active Directory (Bruce Campbell)

  • Still a couple dozen servers to migrate.

Campus Firewall (Bruce Campbell)

  • We are becoming more confident with the December 2014 timeline for having most groups behind the firewall.

IT Strategic Plan (Dave Kibble)

  • We have announced that we have hired a new director of Enterprise Systems – Dr. Sati Singh.
  • IT annual plan follow up was brought to the UCIST committee last week.
  • IT directions will be updated in the next few weeks.

IT Security (Jason Testart)

Identity and Access Management update:

  • Sent around a draft RFI; thank you for the feedback on that. It was sent to procurement and is posted from now until August.
  • We need to put together a small group to work on this; hoping to have a CTSC member from the academic side on this.
    • Would like a response from this committee in July; we do not need to have the group picked until the beginning of August.

Next meeting

The next meeting will be held on Thursday, July 24, 2014, at 1:30 p.m., in MC 2018A.