Committee meeting - May 2, 2019

Carol Lu
Secretary to the Committee
May 2, 2019

Present: Steven Bourque (Chair), Paul Miskovsky, Erick Engelke, Don Duff-McCracken, Trevor Bain, David Gawley, Bill Baer, Andrew McAlorum, Jason Testart, Robyn Landers, Carol Lu (Secretary)


Regrets: Andrea Chappell, Daryl Dore, Adam Savage, Greg Smith, Dave Kibble

Agenda

  1. Chair’s remarks [5 min.]
  2. Approval of the minutes of the meetings of Thursday April 5, 2019 [5 min.]
  3. ITSM initiative (Andrew McAlorum) [10 min.]
  4. GIT update (Steven Bourque) [5 min.]

  5. Feedback from CTSC members regarding Email Audit (Steven Bourque) [15 min.]

  6. Other Business [10 min.]
  7. Roundtable discussion – all [20 min.]
  8. Next CTSC Meeting
    [Will be held Thursday May 16, 2019 at 1:30 p.m., in EC2 1021.]

Chair’s Remarks (Steven Bourque)

  • No remarks

Approval of the minutes of the previous meeting

  • The previous meeting’s minutes were accepted as distributed.

ITSM initiative (Andrew McAlorum)

  • Follow up regarding the new IT Service Management tool pilot
    • Emails sent to helpdesk@uwaterloo.ca will be managed using the TeamDynamix workflow functionality starting May 2019
    • Currently the Help Desk email address is just an exchange account, there is no ticketing management behind it
    • The purpose of this pilot is to improve IT service management and review the current tools available

Comments and discussion

  • Is this pilot only internal within IST? 
    • Yes, this pilot is currently being tested with the help desk email for the IST service desk group
    • If anyone is interested in piloting a the tool, please contact Andrew
  • Are these tools related to RT? 
    • There is no current plan to replace RT, TeamDynamix is just being piloted 
      • Other potential options for tools will also be piloted in the future
    • Pilot will conclude end of July 2019

GIT Update (Steven Bourque)

  • An alert went out last week regarding the GIT update
    • The existing GIT database will be moving to a new database
  • Timelines are constantly changing
    • Considering moving project forward during times in between terms in order to not interfere with courses
  • Should the update be deployed ASAP or be implemented in between semesters? 

Comments and discussion

  • The update can be deployed during Spring term in order to monitor any issues that may arise before September

Feedback from members regarding Email Audit (Steven Bourque) 

  • The email audit recommendations mirrored the email recommendations given by CTSC

  • Should the recommendation regarding cyber awareness training be used to implement mandatory cyber security training? 

    • Could be a point to raise to UCIST

  • Can ProofPoint be used to scan mailman lists for spam rather than having moderators manually approve/reject requests?

    • This cannot be implemented due to licensing restrictions

Roundtable

Math (Robyn)

  • There will be another power shut down in late August for MC, DC, and M3
    • Power will be out for 14 hours
    • Current date scheduled is August 18
    • Fall back date is a week later 
  • Power shut downs may become a regular occurence in order to allow for regular maintenance 
  • Generator requests will be at the requesting department's expense
     

Information Security Services, IST (Jason)

  • In the process of cross-referencing WatIAM passwords with 'haveibeenpwned' password hash database
  • Hashes have been tested with nexus-test database
    • Small number of users have compromised accounts and passwords
  • Looking to have account passwords that do not meet the current length requirements update their password
  • Two-factor authentication will be activated in June or July 2019 for Quest, Workday, Unit4 and possibly others

Comments and discussion 

  • Two-factor authentication should be recommended for passwords that meet the length requirements but do not meet the complexity requirements
  • Accounts with passwords that do not meet length requirements will be required to update their password but will not lose account access
     

Client Services, IST (Andrew)

  • LEARN moved to ADFS yesterday
  • All student facing systems will have single sign-on 
    • Timelines to move to single sign-on are dependent on individual systems
  • Update regarding exam management system RFP
    • There were no bids for Odyssey, currently working to maintain support for the system
    • Bid was made for Crowdmark (written answer marking system)
    • Bid was made for Akindi (multiple choice marking system) 
  • Office 365 project is on track
    • Currently in initial planning stages, exploring identity management options
    • A form has been filled out to highlight potential security risks; this has been shared with the University of Waterloo Privacy Officer
    • Once identity management options are finalized, more consultation will be conducted

AHS (Trevor)

  • Currently updating all Macs
  • In the process of replacing old projectors 
  • Had Sean Mason visit the department to do a WatIAM Grouper follow-up session
    • Sean was very helpful and answered questions and concerns

Computer Science (David)

  • Will the IST storage system update be presented at CTSC? 
    • The presentation will take place in the future
    • Presentation notes can be posted to the CTSC
  • Is the Dan Klein password dictionary still being updated? 
    • The Rockyou dictionary is newer and more comprehensive
  • Will be looking to move department's critical servers into the IST server room during the upcoming power outage
    • Will get in touch with IST closer to the outage date

Technology Integrated Services, IST (Steven)

  • Software defined storage update
    • Business plan is complete and the project will be put towards next year's budget
    • Plan will be posted online and will be discussed in a future meeting
    • Project is not finalized, changes may take place
  • Guest wireless network access update
    • People have been using the new guest Wi-Fi
    • Currently working with Canarie on eduroam guest Wi-Fi
    • This is the final iteration, a new SSID will not be set up for the guest Wi-Fi

Science (Paul)

  • Outline was launched yesterday (online syllabus repository)
    • Project was in collaboration with the Math department

Environment (Don)

  • Department is also having an IT audit being conducted
  • Surplus policy changes have resulted in departments only seeing compensation for surplus materials if the value per individual item is $1,000 or greater. Is this something that can be raised as an issue?