Carol Lu
Secretary to the Committee
November 28, 2019
Present: Andrew McAlorum (Acting Chair), Adam Savage, Bill Baer, Erick Engelke, Jason Testart, Paul Miskovsky, Robyn Landers, Trevor Bain, Lori Paniak, Greg Smith, Don Duff-McCracken
Regrets: Andrea Chappell, Steven Bourque, Daryl Dore, David Kibble
Agenda
- Presentation: ChatBots (Greg Smith) [20 min.]
- Chair’s remarks [5 min.]
- Approval of the minutes of the meetings of Thursday November 14, 2019 [5 min.]
- Combating phishing, awareness training, and mandatory 2FA (Jason Testart) [10 min.]
- Adobe Cloud purchasing update (Andrew McAlorum) [10 min.]
- Other Business [10 min.]
- Roundtable discussion – all [20 min.]
- Next CTSC Meeting
[Will be held Thursday December 12 at 1:30 p.m., in EC2 1021.]
Presentation: ChatBots (Greg Smith)
- Greg Smith attended the meeting to give a presentation about ChatBots.
Comments and discussion
- Who has access to the information entered into the chat bot window?
- Campus Wellness related questions will be integrated into the chat bot some time in the future
- There was a good amount of interest in chat bots at both EDUCAUSE and CANHEIT
- York University has had their chat bot up and running for a while
Chair's remarks (Andrew McAlorum)
- Reminder that the WatITis conference is next week
Approval of the minutes of the previous meeting
- The previous meeting’s minutes were accepted as distributed.
Combating phishing, awareness training, and mandatory 2FA (Jason Testart)
- 2FA is becoming mandatory for a lot of systems due to legality
- UCIST to discuss the implications of 2FA
- DUO has a 'Remember me' feature that can help reduce frustrations with constant 2FA prompts
- Using the mobile push option is the most popular and easiest way to authenticate
- 2FA will be rolled out to VPN next
- IST is currently investigating how 2FA is supported by Cisco VPN; Cisco was recently upgraded to support 2FA
- Cisco recently acquired DUO
- IST is currently investigating how 2FA is supported by Cisco VPN; Cisco was recently upgraded to support 2FA
- A project plan for mandatory 2FA has not been developed yet
- IST has started conducting phishing simulations within its own department
- Would like to roll-out simlulations to other departments on campus
- IST will only collect aggregate statistics in order to track the total number of people falling for phishing attempts
- Data will be used to decrease number of people clicking on phishing attempts
- Can we add specific content to the Cyber Awareness site about why each phishing attempt was identified as fraudulent?
- Content would not be specific to each email as they all have varying subject matter
- Microsoft announced they will be removing IMAP support
- This announcement is not related to the Office 365 Employee Email Investigation
- The Employee Email Investigation was announced before Microsoft made their announcement
- If it is decided that employee email is moving to the cloud, there will need to be a solution for Mozilla Thunderbird (does not work with 2FA)
- Which clients support Modern Authentication?
- How willing are staff/faculty to download DUO?
- DUO can be downloaded on iPads and tablet devices in addition to phones
- Another alternative would be a YubiKey; would have to investigate which YubiKeys are supported by our VPN
- Would enabling mandatory 2FA for email help stop phishing login attempts?
- A lot of systems are still dependent on using Central Authentication Service (CAS)
- Could 2FA be enabled in CAS?
- No, the CAS system is too old
- CAS will eventually be retired but a date has not yet been set
- The WCMS currently uses CAS
- Could 2FA be enabled in CAS?
- This announcement is not related to the Office 365 Employee Email Investigation
Adobe Cloud purchasing update (Andrew McAlorum)
- Andrew met with Bill Baer and Lisa Tomalty to discuss the Adobe Cloud purchasing
- Currently negotiating a deal with Softchoice to get VIP Tier 4 pricing
- Sandra Laughlin will coordinate new purchases in the future
- Everyone will have a consistent renewal date
- Phase 2: get Adobe Cloud added to the Webstore and Shopify
- If a user is inactive and a department wants to take back their license, they require the user's machine in order to do so
- Further updates will be provided once the process is finalized
Roundtable
Computer Science (Lori)
- Re:Office 365 Employee Email Investigation, will Thunderbird add-ons have to be purchased for all users if the decision to move goes forward?
- This is a possibility
- Another option would be to develop an add-on ourselves
AHS (Trevor)
- Currently trialing Solstice for 30 days
- Will invite interested participants to try it
- Not sure if the wireless network will be able to handle Solstice
- The Library uses AirMedia which works well
Arts (Bill)
- Fine Arts is looking for wireless projectors
- Would like students to be able to present their work seamlessly without having to use cables and connectors
Science (Paul)
- The Faculty Academic Software Team (FAST) has kicked off their project homepage
- FAST would like to facilitate projects independently
Environment (Don)
- Are departments supporting retirees from an IT perspective?
- Yes, the departments are providing retirees with IT support
- Math only supports University owned machinery
- MOU is being developed for retirees; the University will provide retirees with a user ID but there is no mention about technical IT support
Math (Robyn)
- Students are complaining about the wireless network on Reddit
- The perception of eduroam is not positive