TAG Meeting Notes – 2013-09-04

5 09 2013

TAG Meeting September 4, 2013 2:00pm-2:50pm

Attendees:

Jeremy Brees, Tim Cannon, Paul Cutrufello, Kim Daniloski, Dave Dzurec, Tara Fay, Jim Franceschelli, Eugeniu Grigorescu, Andrew LaZella, Sandy Pesavento, Kristen Yarmey

1. Introductions

We introduced two new TAG members for this year: Dr. Andrew LaZella (Philosophy, CAS) and Jeremy Brees (Management and Marketing, KSOM). We’re still hoping to recruit an additional faculty representative from PCPS – please let us know if you have any suggestions!

2. Brief Reports

LMS Group (Tara)

The Learning Management System Working Group recommended at the end of Spring 2013 that we switch from Angel to Desire2Learn (see full report for details). TAG members Tara Fay (Biology), Sandy Pesavento (Education), and Teresa Conte (Nursing) all served on the LMS Group, along with fellow faculty members Maureen Carroll (Math) and Julie Nastasi (OT).

The University has since signed on with Desire2Learn. As VP for Planning and CIO Jerry DeSanto announced in July, Desire2Learn will be available for use in Spring 2014, and Angel will be available until June 1, 2014 (so D2L and Angel will run in parallel in Spring 2014).

Staff members in CTLE and ITDA have been working on an implementation plan. We’ve been asked not to share details yet, since the plan hasn’t been finalized, but the LMS Group will be presenting their plans to the Faculty Senate and Deans Conference in the very near future. We’ll post a conversion schedule here when there’s more information available.

Eugeniu noted that CTLE plans to do some pilot course conversions with several faculty members early on in the process – particularly faculty members whose Angel courses have a lot of specialized content.  (Tara has already volunteered to be one of the pilot participants.) There will be trainings and demonstrations available for faculty.  Let TAG know if you have questions or requests related to the LMS transition and we’ll pass them along to CTLE and ITDA.

Website Proposal Group (Dave)

Dave, Jeremy S., Kristen, and Katie met with Hal Baillie, Jerry DeSanto, Gerry Zaboski, and Vince Carilli in May to discuss the Website Maintenance Proposal that members of TAG drafted last year as a solution for the complex issue of maintaining and updating departmental websites. All parties generally agreed that maintaining departmental websites is a serious issue affecting recruitment of students and faculty, but unfortunately a new position (full time or part time) is not an option. TAG will table this issue unless we come up with other options to explore.

On a related note, during the switch to the new responsive design for the University website this summer, some departments were prepared for the conversion and had sized images uploaded in time, but others did not.

Acceptable Use Policy (Dave)

The Acceptable Use Policy drafts are moving forward and will go to the University Governance Council and the Faculty and Staff Senates this semester.

Identity Finder (Kristen)

At our April 2013 meeting, IT Services Director Jim Franceschelli and Information Security Director Adam Edwards brought a proposal for Identity Finder Automated Scans to TAG for faculty feedback. TAG shared two main concerns from faculty:

1) Decreased performance of computers during Identity Finder Scans — Adam had explained that the automated scans would be implemented with IT staff members first, so that he’d be able to smooth out the process before implementing with faculty. Jim noted that the staff rollout had gone smoothly and IT Services had not received any complaints about decreased performance. The *first* Identity Finder scan tends to take the longest, but subsequent scans are quick.

2) IRB data – concerns that Identity Finder scans of machines storing human research subject data or client files would breach subject confidentiality. We were working over the summer on preparing recommendations for faculty members who store IRB data on how to encrypt and password protect their data folders, such that the data would be protected from Identity Finder scans but (perhaps more importantly) also from external malicious attacks. Kristen will check in with Adam to find out the status of the recommendations.

All TAG members in attendance volunteered to serve as pilot participants for faculty implementation of Identity Finder prior to full rollout.

Jim recommended that faculty members run their own Identity Finders scans ASAP due to the increase in malicious attacks on campus computers — IT Services can clean and return faculty desktops much more quickly if a recent Identity Finder scan has confirmed the absence of confidential or sensitive data.

Information Resources Advisory Council (Kristen)

IRAC will meet twice this academic year, in October and March. TAG normally sends two faculty representatives to IRAC meetings. Paul Cutrufello volunteered to continue serving on IRAC this year. Andrew LaZella volunteered to serve as the second representative depending on the schedule for IRAC meetings. Kristen will contact Robyn Dickinson for IRAC meeting dates.

3. Items for Discussion

University Website Changes (Kristen)

During the summer, there were several major changes to the University’s web presence. Kristen opened the floor for feedback or comments on these transitions:

  • Academic server (academic.scranton.edu) decommissioning — Kristen worked with Adam Edwards in Information Security to reach out to faculty members who still had content on academic. CTLE offered support for faculty who needed help moving their content, generally recommending that faculty members use existing templates in the University’s content management system (CMS). While the transition seemed to go smoothly, there is still a need for a place or host for faculty and student web development. At least one faculty member had needs that could not be fulfilled in the CMS.
  • Responsive redesign of www.scranton.edu — There are several reports of templates not quite making a smooth transition – e.g., Faculty/Staff pages like the History Department’s, dropdown links on the Provost’s website, etc.
  • m.scranton.edu takedown — The Library had issues with this, but TAG members hadn’t heard any other concerns. [Update 2014-02-12: Lori Nidoh in PR clarified that m.scranton.edu had not been taken down. Instead, automatic redirects had been implemented.]
  • my.scranton.edu (Luminis) upgrade — TAG members reported several ways in which the new interface unintuitive. Student schedules are difficult (for students) to find, as are the Faculty/Staff directory, class rosters, and course evaluations. However, TAG members agreed that by now most people have figured out where links are, so we don’t want to request changes to the Faculty Tab at this point.

WordPress (Kristen)

The University set up a local WordPress network in late 2011. It now hosts admissions blogs, the Library blog, and the History Department blog. IR staff members had indicated that they were working on developing guidelines for how the WordPress network could be used and creating a process through which sites on the network could be requested.

In the meantime, several faculty members have requested WordPress sites for other uses – internal collaboration, classroom use, etc.  To date, while internal collaboration requests have been accommodated, IR has denied requests for classroom use. Jim explained that IR is working on determining what level of support they can provide. For example, while supporting one faculty member’s WordPress site would not be time intensive, supporting 30-40 classroom sites would be an issue — whose job does this become? There are also other issues IR wants to consider before providing class-based WordPress support – e.g., archiving student work, providing access and security, etc.  IR’s preference would be to provide support for classroom blogs via Desire2Learn once we convert over from Angel. Kristen asked Eugeniu if one of the D2L faculty pilots could include a blogging feature so that faculty members can see what blogging features are or aren’t available in D2L.

IR staff members are meeting to discuss the WordPress service in a few weeks. Kristen asked if faculty members can participate in this conversation, and Jim said that he will let TAG know when faculty input is needed. TAG will expect to see drafted language on service levels for WordPress at our November meeting, in the hopes that the service may be available for use in Spring 2014.

TAG Senate Status (Dave)

Dave (as TAG’s Faculty Senate liaison) reported that Senate president Rebecca Mikesell would like to propose that TAG become a full Senate Committee, (possibly called the Technology Advisory Committee). The membership criteria would be the same as we discussed last year for TAG as a subcommittee of the Academic Support committee — that is, flexible membership aiming for representation from CAS, PCPS, KSOM, and the Library, with at least one faculty Senator, who will serve as TAG’s liaison to the Senate. Dave noted that if TAG is a full Senate committee, TAG’s Senate liaison will serve on the Senate Executive committee.

TAG members had no objections to the proposal, which will likely be brought up for a vote at the September 13 Senate meeting.

4. New Business

Jim gave us some quick updates on changes that will affect or interest faculty:

  • Desktop computer logins — by the end of 2013, logins for desktop computers will change to the user’s R number and my.scranton password – so users will not have to remember a separate desktop password. This is part of the continued implementation of Active Directory authentication.
  • Google Chrome browser — IR will begin providing Google Chrome to University computers via KBOX. There are still some details to be worked out on this – Jim will let us know when it will happen and what will happen for users who already have Chrome installed.
  • Office 365 — We converted to Office 365 from Live@Edu over the summer. We’ve already benefited from increased email storage space and access to “lite” cloud versions of Office software. We will see a few new features later this fall, including Lync instant messaging and SharePoint collaboration software.

Kristen and Dave will meet with Jerry DeSanto, Robyn Dickinson, Lorraine Mancuso, and Jim on September 25 for a full “road map” discussion of what’s coming this year from IR for faculty.

The meeting adjourned at 2:50pm – TAG will reconvene on Wednesday, October 2 at 2:00pm in LSC591 (CTLE Conference Room).


Comments : Leave a Comment »
Tags: , , , , , , , , , , , , , , , , , , , , , ,
Categories : Angel and Desire2Learn, Announcements, CMS and University Website, Minutes, Website Proposal

Identity Finder and confidential data

14 04 2013

At our last TAG meeting, IT Services Director Jim Franceschelli and Information Security Director Adam Edwards invited faculty feedback on their Identity Finder Proposal on Automated Scans. For those just joining us, Identity Finder software scans your (Windows) computer for sensitive, unsecured Personally Identifiable Information (PII). The Information Security Office and IT Client Services are jointly proposing implementation of weekly, automated, required Identity Finder scans (see the proposal for details). During the meeting, TAG members shared some concerns about scheduling and performance effects. After the meeting, we received additional concerns from Bryan Burnham (Psychology), a member of the Institutional Review Board, that Identity Finder scans of machines storing human research subject data or client files (from a counseling practice, for example) would breach subject confidentiality. Concerns are paraphrased here:

There are privacy issues related to data collected on human research subjects that must be considered before automated Identity Finder scans of machines can occur. Specifically, we (IRBs, DRBs, PIs – primary investigators) ensure complete and total privacy of our human research subjects’ data, especially sensitive information (names, emails, Royal IDs, social security numbers), some of which is undoubtedly stored on computer hard drives. [The same is true for client files maintained by counselors or clinicians.]

“Subject confidentiality” means that knowledge of a person’s participation in a research study is between the human subject and only the PI. That is, a subject is guaranteed by the PI that knowledge of their participation as well as their personal and sensitive data will not be open or available to any third party – meaning anyone not associated with the research project. The automated Identity Finder scans would, in effect, view confidential human research subject data and client information that, by definition, cannot be viewed by others.

It should be noted that the Identity Finder reports that the Information Security office receives are redacted, showing a masked version of a potentially problematic file and the location where it was found, and are only accessible to the Information Security Director (Adam) and the Information Security Engineer (Scott Finlon). However, Bryan noted that the scan itself is the issue: third parties (including other University divisions/employees and University-owned software) are not allowed to access or see confidential subject information.

Bryan, Jeremy, Kristen, Adam, and Scott got together on Friday to get a better understanding of this issue and what options there might be for general campus implementation of automated Identity Finder scans without violating subject confidentiality.

We discussed a few options that IR and TAG  could consider for Identity Finder, each with varying advantages/disadvantages. A significant complication, however, is that at this point we don’t know how many researchers on campus have this kind of data, where it’s stored (faculty, staff, student, and/or lab machines? cloud storage?), and whether it’s encrypted or otherwise protected against security breaches (malicious or inadvertent). Bryan stressed that researchers are responsible for their own data and for ensuring subject confidentiality, and neither the IRB nor the University can impose or require specific data management practices, at least under current IRB policies.

Scott noted that the Identity Finder question is only the top layer of broader issues of privacy, security, and digital records management on campus, and that research data stored on a researcher’s hard drive or in cloud storage could be vulnerable to external attack. Both Adam and Scott mentioned that Identity Finder, used appropriately, could help researchers protect subject confidentiality by locating vulnerable information and prompting the researcher to take further steps towards securing it. We agreed, though, that educating researchers about data security and encouraging more secure data management practices (encryption, password protection, etc) will be a longer, more involved, and more inclusive conversation – but a conversation that needs to happen nonetheless.

Next steps: Bryan will bring this discussion to the IRB at their April 16th meeting for additional input and will share any relevant guidelines from grant agencies (e.g., Department of Health & Human Services), and his and others’ own digital data management practices. Adam and Scott will reach out to Identity Finder and other university security offices re: how others have handled this issue. They are willing to continue discussing accommodations for researchers storing sensitive data, if we can find all of them or somehow get them to self-identify. TAG might be able to help survey the faculty on this question (yes/no/unsure) – multiple outlets should be used to try to catch everyone’s attention. The IRB, ORSP, and TAG may want to coordinate a faculty forum on this topic.

We’re still early on in this discussion, so please contact TAG if you have any insight, concerns, or questions that we might not have considered yet.

 


Comments : Leave a Comment »
Tags: , , , , ,
Categories : Announcements, Network and Infrastructure, Security