Google Drive

25 04 2012

We know there are a lot of Google fans out there on campus, so we thought we’d pass along this link from Information Security manager Tony Maszeroski:

“Who owns your files on Google Drive?”

Or if you need background, “The Google Drive FAQ.”


Comments : Leave a Comment »
Tags: , , ,
Categories : Announcements, Security

Incidental Use Policy — Preliminary Review

8 12 2011

The Information Management Advisory Committee (IMAC) invited TAG (represented by Jeremy Sepinsky) to attend their meeting on November 11, 2011 in order to discuss the preliminary proposal for a new “Incidental Use Policy” proposed by the Division of Planning and Information Resources (PIR). This policy is part of an ongoing effort to update and revise the “Code of Responsible Computing”. Other policy updates will be forthcoming.

The Incidental Use Policy can be found here: Incidental Use Policy.

TAG and IR is currently in the process of circulating this document through the faculty Senate and the union, and we will be reporting our comments on the document from those sources. Concerned individuals are encourage to submit their comments and/or feedback to TAG ( tag-discussion@royallists.scranton.edu) and or Tony Maszeroski in PIR. Comments should be submit by Friday, January 6 so they can be included in next revision.

In what follows, we post the comments and concerns that TAG has already brought up in regards to this policy. Please add your comments, questions, and concerns in the comment section below.

TAG Comments on the Information Use Policy

    Summary Comments

  • TAG applauds PIR’s effort and interest in bringing this to the attention of the University Community at this early stage in the process when changes can be made and the policy amended. The intent of the policy is well meaning and has an appropriate function. PIR has done a good job of being fair and even-handed with the policy. However, there are a number of places where the policy as written may impact the faculty in unforeseen ways.
  • The Incidental Use is not intended to restrict or limit the reasonable use of the University technology infrastructure. Instead, it is meant to provide a context for when and how university services can be accessed for non-university purposes. The primary intent of policy is to state that the non-job-related use of the university’s infrastructure is permissible provided that such use does not interfere with an employee’s job-specific responsibilities and/or compromise university infrastructure.
    Specific Comments

  • The policy states that the incidental use of university technology resources should not “Create the appearance of impropriety or unethicality” (Page 1, letter d). These terms are ambiguous and could be used against faculty pursuing outreach or research in certain controversial topics. It is important that a policies such as this, if implemented, cannot be used as an additional “tool” for the administration or other faculty to limit or censure faculty use of technology. Statements such as this have the capability of limiting academic freedom if abused. To this end, the American Association of University Professors has this to say about policies such as this (Academic Freedom and Electronic Communications):

    The difficulty with language such as “only official university business,” apart from a distressing lack of precision, is the inherent invitation to selective use of such a standard by an administration anxious to impose substantive constraints on faculty activity. Any restrictions that an institution feels it must impose on “acceptable use” must therefore be clearly and precisely stated, must be content-neutral and narrowly defined, and should address only systemic abuses by users, such as the posting or sending of material that would cause the system to malfunction or would severely inhibit the access of other users.

  • Similarly, item “e” states that the use not be “of unreasonable time, duration, or frequency”. The definition of “unreasonable” can vary from person to person and department to department. If “unreasonable” is defined as “a time such that it interferes with the employee’s duties”, then it simply falls under item “g” which states that such use cannot interfere with the fulfillment of the employee’s responsibilities.
  • The definition of “Incidental Personal Use” on page 2 states that it is something that is unrelated to their “University Employment”. Given the vagueness of the job description of faculty, stating whether or not one’s actions are related to “university employment” is difficult. It is unclear as to who would be making such a determination in the context of the faculty.
  • Page 3, in the statement under “Determination of relation to mission” no mention of the Computer Use Board is made. The Computer Use Board is a body that already exists and is defined in the “Code of Responsible Computing”. This is particularly relevant because it is explicitly stated that there shall be faculty representation on the Computer Use Board. The group proposed here does not specifically state the inclusion of a faculty member in the group who determines whether or not such use in “mission-related”. We feel it is necessary for someone who understands faculty use of technology to be included in the judgement of whether a faculty’s use is to be deemed inappropriate. This is also relevant in the determination of the “sanctions” as listed at the bottom of page 3
  • On Page 3, under “determination of incidental personal use,” the “senior management of each University department” is the one who determines the nature and extent of acceptable incidental personal use. It is unclear who this body or individual is for the faculty.

Comments : 3 Comments »
Tags: ,
Categories : Announcements, Security

Web Quota Spam, DO NOT CLICK

5 11 2011

It was just brought to our attention that there is a phishing e-mail going around campus with the subject “Dear Account User‏”

This is spam, please do not click on the link. They will attempt to get your login information and compromise our network.

The text of one such e-mail is below.

From: onwatch1@wavecable.com
To: undisclosed-recipients: ;
Date: Sat, 05 Nov 2011 10:02:53 -0700
Subject: Dear Account User‏
Dear scranton.edu Subscriber,

We are currently carrying-out a upgrading mantainance process to all scranton.edu account. Please click the link below to boost your scranton.edu webmail quota.


Comments : Leave a Comment »
Tags: , , ,
Categories : Email, Security

IT Forum on Data Security

16 10 2011

Announcement from IR about an upcoming IT Forum:

Classifying, Handling, and Securing University Information

IT Services will conduct an IT Forum on Tuesday, October 25, 2011, at 11:30 a.m., in The DeNaples Center 405, dealing with classifying, handling, and securing University information, both electronic and paper. The discussion will focus on, first, classifying our information into easy to understand categories. Secondly, how to properly handle that information in our daily routines. Finally, we’ll discuss how to secure that information.

October is CyberSecurity Awareness Month and this forum should bring attention to the threats we face each day, with the use of electronic devices. We’ll also discuss the benefits of using Identity Finder, and the SANS Security video training available, as well. Registration is required.

To register, go to: https://ssbprd.scranton.edu/appprd/uis2.log?f=yiaevnt.event .

Lunch will be served.
Prizes will be given.
Jack Williams, IT Trainer, will give the presentation.


Comments : Leave a Comment »
Tags: , , ,
Categories : Announcements, Security, Technology Training

TAG Meeting Notes 9/29/11

29 09 2011

We had our first TAG meeting of 2011-2012 this morning.  We had a lot to catch up on from the summer, so apologies for the long notes! As always, post a comment if there are any questions or concerns.

  • New members. Teresa Conte joined us from Nursing as a replacement for Cathy Lovecchio. Ben Bishop (Computing Sciences) joined us late last spring, as did Lori Nidoh (representing Public Relations). S.P. Chattopadhyay is currently on sabbatical, and Kevin Wilkerson has returned from his.
  • Novel Pedagogy Cohort. Jeremy and a few other CAS faculty members have formed a small group to explore and implement new pedagogy techniques in their classes – some of which involve technology while others don’t.  Tools to be explored include lecture capture and clicker systems. If any other faculty are interested in innovative pedagogy, let Jeremy know.
  • Lecture capture.  A team of stakeholders (including TAG members Jeremy, Kristen, Sandy, and Eugeniu) met several times in the spring and summer to review possible products for lecture capture.  The final recommendation was a hybrid solution of Media Site (as a back end) and Crestron HD appliances for the actual capture. Implementation will start in the Science Center and then spread to other departments. Right now, IR is working on setting up the back end servers while VistaComm is implementing the front end capture devices. The goal is to have LSC lecture capture ready to go by Spring 2011, and then expand to other departments next year as funding allows. Sandy and Teresa noted that Education and Nursing would be very interested in implementing lecture capture in their classrooms. Thanks to Jason Oakey over in Instructional Technology for taking the lead on this project!
  • Office 2010.  The upgrade to Office 2010 for faculty and staff is tied to the email conversion (see below) due to the incorporation of Outlook.
  • Windows 7. The upgrade to Windows 7 for faculty and staff machines currently running Windows XP is held up due to a security issue. XP users are currently admin users on their computers. While this gives us a lot of flexibility and control over our own machines, it also introduces security risks – users can accidentally install malicious code.  When we move to Windows 7, IR will change XP users’ roles from admin to standard user accounts. By default, standard users wouldn’t be able to install or delete applications, but ideally there will be a way for users to obtain temporary admin status when they need to install programs. IR is currently working out these privilege management issues, so Windows 7 deployment is pushed back to (tentatively) Spring 2011.   Wesley asked about 64 bit vs 32 bit machines – Jim said that by default new machines will be 32 bit, but faculty who need 64 bit should let him know.
  • Email conversion. The Microsoft Live @ Edu email transition has been delayed by issues with identity management (e.g., automatically assigning set permissions to new hires, and removing permissions from retirees, departing employees, etc). IR is working on a workaround plan that would let us go forward with the email conversion while temporarily skipping over identity management. IR is aware of “crunch times” in faculty schedules, so faculty email conversion will probably wait until intersession or beyond.
  • Personally identifiable information.  Ben asked about security concerns for faculty members who don’t use University email.  Jim recommends that any University business, and especially any University business that involves confidential information, be done using University services (like Angel and Royal Drive). The Identity Finder tool is available to help faculty and staff find any PII that might be on their machines. IR also has security training videos that faculty can watch to get an entry-level awareness of PII.
  • Information Resources Advisory Committee.  IRAC had been inactive for a year but is now reconstituted. IRAC members will be providing input on IR’s service portfolio. TAG members Dave, Paul, Eugeniu, and Lori will be on it as CAS faculty, PCPS faculty, CTLE, and PR representatives, respectively.
  • TechQual. IR ran this customer service survey over the summer. Preliminary results just came in, but IR is still processing them and will present them to IRAC next month.
  • Loyola Science Center. Most of the IT work in LSC is done, but there are still a few equipment issues popping up in classrooms. IR will continue working on this. Remaining projects include lecture capture, the auditorium, and RoomView, a tool that will allow Instructional Technology to monitor and maintain classroom equipment (e.g., whether or not a projector has been left on).
  • Wireless. The wireless upgrade project was approved.  Phase I (freshmen residences, the new Mulberry Street residences, and the LSC) is complete and adds 350 new WiFi points to the campus. Phase II is currently underway and will add 252 WiFi points in 21 buildings (residences, St. Thomas, and the Long Center). Phase III is scheduled for summer 2012 and will include the remaining academic and administrative buildings as well as outdoor coverage.  This is a big improvement – many thanks to the Network Infrastructure staff!
  • CTLE liaison. CTLE used to have two faculty liaisons who focused teaching and pedagogy. They have now added a third faculty liaison, TAG member Sandy Pesavento, to provide input on faculty interests and needs regarding pedagogical uses of technology.
  • Mobile access to Angel. CTLE and IR experimented with Blackboard’s iOS app for Angel, but found it to be a very limited tool, particularly for teachers (e.g., faculty can’t enter grades or interact with Angel dropboxes).  So mobile access to Angel still isn’t conveniently available at this time.
  • LMS review. Our contract with Angel expires in 2013, so a review committee will begin exploring other learning management system (LMS) options in January. Connie Wisdo in ITDA will lead the group. Eugeniu said that we might have an opportunity to use a “free” installation of Blackboard temporarily (on top of our existing Angel installation) so that faculty could try it out. Dave asked whether or not we would be able to migrate courses from Angel into a new LMS. Eugeniu said that from our current version of Angel (7.4), we could export/import single courses into Blackboard, with some imperfections. If we upgraded to v8 of Angel, we’d be able to batch migrate courses. Blackboard would also complement our Royal Card and emergency notification systems, since they’re Blackboard products (Transact and Connect), but it might not be easily tied into Banner.
  • Academic Technology Plan. The Provost’s office has no updates on the Academic Technology Plan.
  • Mobile website and app. Lori shared some analytics to give us an idea of how the mobile website and mobile app are being used. The app has been downloaded 7,604 times (mostly by iOS rather than Android devices). An in-app poll asked about the user’s identity, and 57% of the poll-takers were current students, 28% were alumni, 10% were prospective students, with faculty, staff, and other community members making up only 6%.  New app modules include Admissions and the Library (live but still being tweaked), with an Alumni module on the way. An iPad version is also on the timeline for this year, and hopefully mobile authentication is on the horizon.  The m.scranton mobile site is getting plenty of traffic. The most commonly viewed mobile pages are the home page and the admissions and academics home pages. [Note: Stats on the mobile app are here (in PDF). Stats on the mobile site are here (also in PDF).] PR is also setting up automatic redirects from the full site to the mobile site for recognized mobile devices – right now, the only active redirect is from the full site home page to the m.scranton home page.
  • Faculty websites. We’ve figured out a good workflow for faculty websites with CTLE. Any faculty member who wants to create a new website in the CMS should contact Aileen McHale in the CTLE. The CTLE TechCons will set up the faculty member’s web space, and then can help him or her as needed with templates or other support.  Sandy and Anne Marie would like to encourage faculty members (and any other page admins) to keep their websites current.
  • Continuing education. TAG members interested in learning more about academic uses of technology should keep an eye out for continuing education opportunities, since funding may be available. Jeremy and Sandy will each attend a day of the EDUCAUSE conference, courtesy of the Provost’s office.  Anne Marie and a few representatives from IR will also attend. TAG members who do participate in continuing education are asked to report back and share conference highlights.
  • Computerized testing. Teresa reported on concerns from the Nursing department. Nursing licensing exams are all online, so the department uses computerized testing to help their students prepare for the licensing environment.  Nursing faculty have run into trouble finding places to conduct their computer tests – there isn’t enough space to accommodate large classes, and classrooms that do accommodate that many students have been booked for other courses.  An ideal solution would be a large “shared resource” lab (possibly run by CTLE/Library) that faculty could schedule for tests, with computers set up to restrict access to the testing environment. Anne Marie suggested that we look at how other schools have solved this problem. Teresa will get more details on Nursing needs. Jim asked if other departments have this need, and for what class sizes. Once we have more information, we can agree on a good solution and then seek funding.
  • Our next meeting will be October 27. TAG members are asked to keep collecting (specific!) feedback from other faculty members on technology concerns or issues, and we’ll keep sharing information here as projects continue.

——

Note: Updated 10/24/11 with PDF docs of mobile app and website statistics shared during the meeting.


Comments : Leave a Comment »
Tags: , , , , , , , , , , , , , , , , , , ,
Categories : Angel and Desire2Learn, Email, Minutes, Mobile, Network and Infrastructure, Security, TAG Administrative, Upgrades

Identity Finder: Coming Soon on KBOX

5 05 2011

Today’s IT Forum with trainer Jack Williams was all about Identity Finder. What faculty need to know:

  • Sometime next week, KBOX will push out a new program to your computer called Identity Finder.
  • Identity Finder is a software tool that scans your computer for unsecured Personally Identifiable Information (PII).  It looks for things like Social Security numbers, credit card numbers, bank account numbers, passwords, etc (full list here) using pattern recognition and contextual analysis.
  • While the program will be automatically installed by KBOX, it won’t run automatically – so you can choose when you want to run it.  Jack recommends running it once each quarter.
  • When you do start the program, it will scan all of the files saved on your computer (including any email and email attachments that you have saved locally) and search for PII.  Jack noted that the scan can take a long time (average 3.5 hours), but you can run it in the background as you do other work.
  • At the end of the scan, Identity Finder will show you a list of any information it has identified as potential PII.  You can then review that report and decide how to act on each item. Options are to “shred” (delete completely from your machine), “scrub” (redact the sensitive information from the document), “secure” (password-protect the file), “quarantine” (save to a secure location, i.e. a folder on RoyalDrive), “recycle” (send to recycling bin), or “ignore” (for false positives – the file will be ignored in future Identity Finder scans).  If Identity Finder picks up PII in a Thunderbird email file, Jack recommends deleting it by going through Thunderbird rather than through Identity Finder.
  • You’re the only person who can review your scan results (there’s no automatic reporting back to IR, for example). When the scan is complete, Identity Finder sends a brief report back to a central management server indicating what PII has been found and what PC it is on.  It does not allow that central server to access the actual files on your machine.  The only people who can access that central server are the staff of the Information Security Office, and they will review Identity Finder reports from a University machine only in two situations: 1) if the security of a machine has been breached, or 2) if the head of a department or area requests the reports to validate the security of machines in their area.
  • Step-by-step instructions will be available here.  Jack has also posted basic and detailed instruction guides (PDF).

Please pass the word along to your fellow faculty members so that no one’s caught off guard next week, and let me know if there are any questions. Thanks!

————–

Updated 5/6/11 with correction from Jim regarding reporting


Comments : Leave a Comment »
Tags: , , ,
Categories : Announcements, Security

IT Forum on Identity Finder 5/5

19 04 2011

We’re all invited to the next IT forum (5/5 from 11:30-1pm) to learn more about Identity Finder.  Here’s the invite from IT Services:

Join us at the next IT Forum set for Thursday, May 5, in Brennan Hall, room 509, for an important and interesting look at Identity Finder. This easy-to-use program will allow the entire University of Scranton community to secure the very important information we have stored on our computers.

Identity Finder looks for those files we keep that may be targets for identity theft and other malicious acts. Files holding Social Security numbers, credit card numbers, driver license numbers, bank account data, passwords and more, can be secured to prevent any unauthorized use of your files or data belonging to the University.

Jack Williams, IT Services Training Specialist, will be presenting. All University personnel are encouraged to attend, and lunch will be provided. Please RSVP by e-mailing ITServices@scranton.edu by Monday, May 2.


Comments : Leave a Comment »
Tags: , ,
Categories : Announcements, Security, Technology Training

Forefront Replacing McAfee

8 03 2011

Just a reminder to everyone that IR is deploying Microsoft Forefront as new antivirus software (replacing McAfee) on campus computers.  This is great news – McAfee is pretty resource-intensive and often slows down machines.

The week before your computer is scheduled for deployment, you’ll get an email from IT Services.  Installation will happen overnight, starting at 7pm and completing by 4am the following morning.  You won’t be able to use or access your computer during the installation time.  Your machine must be left on during that time since the installation will happen through KBOX.

While Forefront is being installed, your computer name will be changed, so if you use your computer name for peer to peer use, contact the Technology Support Center prior to the day your computer is scheduled for deployment.

This update is only for Windows machines – there will be a change in Mac antivirus software, but that won’t happen until sometime in the future.

TAG has asked IT Services for an implementation schedule, which we’ll post here when we get it.

Let us know if you have any questions, and we’ll do our best to answer!


Comments : 3 Comments »
Tags: , , ,
Categories : Outages, Security

CNAC upgrade

7 02 2011

Just a reminder that this Wednesday, you’ll have to log in again to CNAC in order to access the University network.

What’s CNAC? Click here for more than you ever wanted to know – Jeremy’s explanation.

Here’s the upgrade announcement from IR, emailed out to all faculty today:

On Wednesday, February 9th the re-authentication will also upgrade your CNAC client.  On Wednesday, all end-users will be prompted with the following:

NAC Agent 4.8.032 is available.  Do you want to install this update now?

Click OK and after a few minutes the new Cisco NAC Agent will install.

Once the install is complete, you should enter your University user name and password into the CNAC agent to gain network access.

This process will allow us to continually assess the validity and health of our computing environment.  A CNAC re-authentication process will routinely occur on the second Wednesday of each month.

Thank you for your patience and understanding as we implement these changes.  If you have any questions or concerns, please contact the Technology Support Center at 570-941-HELP or at techsupport@scranton.edu


Comments : Leave a Comment »
Tags: ,
Categories : Announcements, Security, Upgrades

CNAC Upgrade on the way

25 01 2011

IR posted a note to Royal News about an upgrade to CNAC (emphasis ours):

Cisco Network Access Control (CNAC) will be upgraded to the latest version on Tuesday, Jan. 25, between 10 – 11 p.m. Downtime should be approximately five (5) minutes. The next time you authenticate your computer in CNAC you will be prompted to install a new Cisco NAC Agent. If you have any questions or problems, please contact the Technology Support Center at 941-HELP or techsupport@scranton.edu.

 

What’s CNAC? Click here for more than you ever wanted to know – Jeremy’s explanation.


Comments : Leave a Comment »
Tags: , , ,
Categories : Announcements, Network and Infrastructure, Outages, Security, Upgrades

« Previous Entries Next Entries »