Skip to Search
Skip to Navigation
Skip to Content

University of Connecticut University Information Technology ServicesInformation Security Office

Information Security Office - About Us

Our Mission

The mission of the Information Security Office (ISO) is to design, implement and maintain an information security program that protects the University's systems, services and data against unauthorized use, disclosure, modification, damage and loss. The ISO is committed to engaging the University community to establish an appropriate information security governance structure that enables collaboration and support for new information security initiatives.

Contact

The UITS Information Security Office can be contacted by email or phone.
UITS Information Security Office
P: 860.486.4357 (HELP)
E: security@uconn.edu

2011/05/03

Technical Security Council (TSC)

Bi-Weekly Status Meeting

Meeting Date/Time: Tuesday, May 3, 2011 /1:30 PM Eastern Time

Attendees: Present: Mick DiGrazia, Steve Maresca, Robert Sheahan, Linda Baker, Jon Loux, Jeremy Pollack, Dan Capetta, Jonathan Gill, Nicholas Eshelman, Jessica Alson, Matt Smith, Mike Lang, Jeff Pasiuk, Mike Oatley, John Gwinnell, Dan Nevelos, Ed Swindelles, Philip Dean, Jeff Farese, Victor Schiavi,  Brett Paulson

Absent: Jason Pufahl, Bruce Gerber, Connie Tomecko, Rob Chudzik

Documenter: Catherine Rhodes

#

Topic

Speaker

Discussion

Summary
1 Policy Mick Mick opened the floor to additional discussion around security policies.
2 Resources Robert Sheahan Robert expressed concern over the amount of resources needed to adhere to policies. Resources are needed to adhere to policies.

TSC will be involved in determining how best to implement security policies.
3 Listserv Dan Capetta Dan suggested a listserv that this group could use to collaborate on topics such as code reviews. TSC would like a listserv to aid in collaboration.
4 Effective Date Dan Capetta Dan suggested that the Security Office provide effective dates on policies. There has to be a window of time to certify applications. TSC requested an effective date for policies to allow time to implement.
5 Policy Tools Dan Nevelos Dan Nevelos suggested that the spreadsheet that Mick created to help determine which polices apply to a specific department was helpful. Will you publish it?

The Security Office would like to make this more usable as database.

 Tools are needed to help departments adhere to policies.
6 Vulnerability Assessment Mick The Security Office has some tools to help you with vulnerability assessments.

Nessus and Nexpose

Load your host into a web page and it will give you a report of your security posture.

 The Security Office has some tools to help you with vulnerability assessments.

Email the security office for access if you are interested
7 Identity Finder Mick Mick reviewed the capabilities of Identity Finder.

  • Prepackaged client
  • Distributed management approach
  • Encryption – need to test to determine how best to use this feature.
 TSC will provide help with determining how to best implement Identity Finder.
8 Filelocker Mick Mick provided a demo of Filelocker.

File Locker provides a means to share sensitive documents.

Open source, created by Purdue. Not perfect but does a good job at sharing files with people who have a NetID. Still in pre-production.

https://Filelocker.uconn.edu/

You can share with a public url.

You can encrypt the files.

Has a CLI (command line interface). Purdue uses this to upload files to student dropbox account. It is a python script.

Users need to log in to filelocker in order for you to share a file with them.

There are no policies related to retention or file size as of now.

Does have an audit trail.

Security Office is creating documentation for this.

 Filelocker will help with sharing confidential files.
9 Filelocker John Gwinnell John expressed concern that Filelocker is a stand-alone program. There is an enterprise-wide initiative related to file services in progress. There is a concern that Filelocker may be a standalone program that will not interface with the enterprise-wide file services initiative that is in progress.
10 Fileocker Dan Capetta What is availability of Filelocker?

Dan will work with Matt Smith to determine the file sizes and availability that he needs.

 Contact Matt Smith if you have specific questions about Filelocker.
11 TSC Usefulness Mick Mick asked the group to provide feedback as to whether or not the TSC is meeting your needs. Is TSC meeting your needs?
12 TSC Usefulness Jeremy Pollock

John Gwinnell

 Jeremy appreciates the updates that the Security Office is providing. He would like these meetings to afford more of an opportunity for collaboration.

John Gwinnell – Will we expand the group further to include areas like the Law School?

What is notification method to our branch locations for enforceable policies?

 TSC should become more collaborative as we move forward.

TSC needs to determine notification method for enforceable policies.
13 Next Meeting Agenda Agenda for next meeting:

  • Feedback on Filelocker
  • Identiy Finder Demo
  • SafeConnect Demo
 -

Open Action Items:

# Name Action Status Due Date

Closed Action Items:

# Name Action Status Due Date
Action-1 All Review Information Security Policies. Be prepared to discuss short-comings you recognize in your review. Closed 4/21/2011
Action-2 Jason Send Outlook calendar invitation for future meetings Closed 4/15/2011
Action-3 Jason Change location of meeting invitation. Closed 4/25/2011