Skip to Search
Skip to Navigation
Skip to Content

University of Connecticut University Information Technology ServicesInformation Security Office

Information Security Office - About Us

Our Mission

The mission of the Information Security Office (ISO) is to design, implement and maintain an information security program that protects the University's systems, services and data against unauthorized use, disclosure, modification, damage and loss. The ISO is committed to engaging the University community to establish an appropriate information security governance structure that enables collaboration and support for new information security initiatives.

Contact

The UITS Information Security Office can be contacted by email or phone.
UITS Information Security Office
P: 860.486.4357 (HELP)
E: security@uconn.edu

2011/05/17

Technical Security Council (TSC)

Bi-Weekly Status Meeting

Meeting Date/Time: Tuesday, May 17, 2011 /1:30 PM Eastern Time

Attendees: Present: Mick DiGrazia, Steve Maresca, Robert Sheahan, Linda Baker, Jeremy Pollack, Dan Capetta, Jonathan Gill, Nicholas Eshelman, Jessica Alson, Matt Smith, Mike Oatley, John Gwinnell, Dan Nevelos, Ed Swindelles, Philip Dean, Jeff Farese, Victor Schiavi, Brett Paulson, Connie Tomecko

Absent: Jason Pufahl, Bruce Gerber, Rob Chudzik, Jon Loux, Mike Lang, Jeff Pasiuk,

Documenter: Catherine Rhodes

# Topic Speaker Discussion Summary
1 Filelocker Mick Mick opened the floor to additional discussion around feedback on Filelocker There were no questions or feedback on Filelocker.
2 Filelocker Mick Documentation for filelocker is up on:

Web2.ucon.edu/filelocker

 Web2.uconn.edu/filelocker

Contains Filelocker documentation
3 Identity Finder Mick Supports MAS OS and Windows client. Similar in interface and functionality. It is prepackaged and preconfigured to scan for ssn, bank accounts, credit cards, and passwords. We are pre-configuring the scanning options. You can adjust these without re-installing the software.
4 Identity Finder Mick The software does use resources on laptop, can be resource intensive. Can be resource intensive.
5 Identity Finder Mick Concern about load on file servers, will have to work through this. We will have to work together to determine best options for scanning file servers.
6 Identity Finder Mick This is a client server software

Gets policy updates and ??? from the server/console. We are not licensed to use Identity Finder on personal computers.

 It is Client Server software
7 Identity Finder Mick Can it be scheduled? You can schedule the scans by server or for group of servers.
8 Identity Finder Mick Console Requires Microsoft Silverlight Console Requires Microsoft Silverlight
9 Identity Finder Mick Major question – how will we manage the endpoints when we have thousands of them. Mick will work on how best to manage access to the endpoints?
10 Identity Finder Mick How approach PIDs The approach to PIDs is outstanding.
11 Identity Finder Mick What if PC is not on AD? PCs do not need to be in AD to be scanned.
12 Identity Finder Mick Can user do other work while a scan is running? Runs In background.
13 Identity Finder Mick Need AD Administrative NetID to log in to the console. Contact Mick to receive the software.
14 Identity Finder Dan Capetta

Robert Sheahan

 Request was made to put in writing that the Security Office will not push software out to departments without their knowledge TSC requests that software not be pushed to PCs without their knowledge
15 Identity Finder Dan Capetta What is the timeline for deployment Identity Finder timeline is no finalized.
16 Identity Finder Dan Capetta It would be useful for you to provide a matrix that lists the risks that Identity Finder may find and the corresponding UConn policy number that applies. It would be useful to identify which policies are at risk with each type of data that is found by Identity Finder.
17 Identity Finder Dan Capetta Dan expressed concern related to:

  • • Cross-applying policies to endpoints, since policies seem to be nested
  • • Impersonating users – running the software as a user without their knowledge
 Mick needs to work out how best to address cross-applying policies and impersonating users.
18 Agendas Robert Sheahan Request is to post agenda in PDF format

Add location field to agenda

 Please post agendas in PDF format
19 SafeConnect Information Sessions Catherine Catherine reminded the group that final SafeConnect information sessions are scheduled for the 19th and 24th of May. Final SafeConnect Information Sessions are scheduled for May 19th and May 24th at Bishop Center at 8:30 and 10:30 each morning.
20 Next Meeting Agenda Agenda for next meeting:

  • • SafeConnect Demo
 Next meeting is June 7th.

Open Action Items:

# Name Action Status Due Date

Closed Action Items:

# Name Action Status Due Date
Action-1 All Review Information Security Policies. Be prepared to discuss short-comings you recognize in your review. Closed 4/21/2011
Action-2 Jason Send Outlook calendar invitation for future meetings Closed 4/15/2011
Action-3 Jason Change location of meeting invitation. Closed 4/25/2011