Technical Security Council (TSC)
Bi-Weekly Status Meeting
Meeting Date/Time: Tuesday, May 3, 2011 / 1:30 PM Eastern Time
Attendees: Present: Mick DiGrazia, Steve Maresca, Robert Sheahan, Linda Baker, Jon Loux, Jeremy Pollack, Dan Capetta, Jonathan Gill, Nicholas Eshelman, Jessica Alson, Matt Smith, Mike Lang, Jeff Pasiuk, Mike Oatley, John Gwinnell, Dan Nevelos, Ed Swindelles, Philip Dean, Jeff Farese, Victor Schiavi, Brett Paulson
Absent: Jason Pufahl, Bruce Gerber, Connie Tomecko, Rob Chudzik
Documenter: Catherine Rhodes
|1||Policy||Mick||Mick opened the floor to additional discussion around security policies.|
|2||Resources||Robert Sheahan||Robert expressed concern over the amount of resources needed to adhere to policies.||Resources are needed to adhere to policies.
TSC will be involved in determining how best to implement security policies.
|3||Listserv||Dan Capetta||Dan suggested a listserv that this group could use to collaborate on topics such as code reviews.||TSC would like a listserv to aid in collaboration.|
|4||Effective Date||Dan Capetta||Dan suggested that the Security Office provide effective dates on policies. There has to be a window of time to certify applications.||TSC requested an effective date for policies to allow time to implement.|
|5||Policy Tools||Dan Nevelos||Dan Nevelos suggested that the spreadsheet that Mick created to help determine which policies apply to a specific department was helpful. Will you publish it?
The Security Office would like to make this more usable as a database.
|Tools are needed to help departments adhere to policies.|
|6||Vulnerability Assessment||Mick||The Security Office has some tools to help you with vulnerability assessments.
Nessus and Nexpose
Load your host into a web page and it will give you a report of your security posture.
|The Security Office has some tools to help you with vulnerability assessments.
Email the Security Office for access if you are interested.
|7||Identity Finder||Mick||Mick reviewed the capabilities of Identity Finder.
||TSC will provide help with determining how to best implement Identity Finder.|
|8||Filelocker||Mick||Mick provided a demo of Filelocker.
Filelocker provides a means to share sensitive documents.
Open source, created by Purdue. Not perfect but does a good job at sharing files with people who have a NetID. Still in pre-production.
You can share with a public URL.
You can encrypt the files.
Has a CLI (command line interface). Purdue uses this to upload files to student dropbox account. It is a Python script.
Users need to log in to Filelocker in order for you to share a file with them.
There are no policies related to retention or file size as of now.
Does have an audit trail.
Security Office is creating documentation for this.
|Filelocker will help with sharing confidential files.|
|9||Filelocker||John Gwinnell||John expressed concern that Filelocker is a stand-alone program. There is an enterprise-wide initiative related to file services in progress.||There is a concern that Filelocker may be a standalone program that will not interface with the enterprise-wide file services initiative that is in progress.|
|10||Filelocker||Dan Capetta||What is the availability of Filelocker?
Dan will work with Matt Smith to determine the file sizes and availability that he needs.
|Contact Matt Smith if you have specific questions about Filelocker.|
|11||TSC Usefulness||Mick||Mick asked the group to provide feedback as to whether or not the TSC is meeting your needs.||Is TSC meeting your needs?|
|12||TSC Usefulness||Jeremy Pollock
|Jeremy appreciates the updates that the Security Office is providing. He would like these meetings to afford more of an opportunity for collaboration.
John Gwinnell – Will we expand the group further to include areas like the Law School?
What is the notification method to our branch locations for enforceable policies?
|TSC should become more collaborative as we move forward.
TSC needs to determine notification method for enforceable policies.
|13||Next Meeting Agenda||Agenda for next meeting:
Open Action Items:
Closed Action Items:
|Action-1||All||Review Information Security Policies. Be prepared to discuss shortcomings you recognize in your review.||Closed||4/21/2011|
|Action-2||Jason||Send Outlook calendar invitation for future meetings||Closed||4/15/2011|
|Action-3||Jason||Change location of meeting invitation.||Closed||4/25/2011|