Common Systems Group (CSG)
August 23, 2005
Meeting Summary
CSG Attendees: Jim Davis, Steve Duim, Jason Frand, Carol
King, Max Kopelevich, Peter Kovaric (for Bill Jepson), Kathleen O’Kane, Tom
Phelan, Sean Pine, Nick Reddingius, Stephen
Schwartz (for Terry Ryan), Marsha Smith, Kent Wada, Esther Woo-Benjamin
Guests: Mike Lee (PDP), Karen Ribback (OIT), Stacey Rosborough (PDP), Harold Shin (PDP),
Tom Trappler (OIT), Mike Van Norman (CTS), Mits Yamahata (PDP)
Agenda
1)
Data Centers Data Gathering Project Update
Between February and April 2005, the Professional Development Program
(PDP) Data Centers Data Gathering Project team completed surveys (through
in-person interviews) with 26 academic or academic support units. During the
first part of August, they went back and validated the data with interviewees.
They are now in process of continuing the validation and presenting their
preliminary findings to Campus Computing Council (CCC), CSG, Information
Technology Planning Board (ITPB), Repositioning IT Functional Oversight
Committee (ITFOC), Data Council and others during those committees’ regularly
scheduled upcoming meetings.
The PDP team reported to the CSG at a high level, the project’s
purpose, scope of work, goals and process as well as the lessons learned and
summary of preliminary findings and assessments. If anyone would like a more
detailed presentation of findings, they are encouraged to contact Karen Ribback
at kribback@ucla.edu. When ready, the
consolidated presentation of findings will be posted on the Repositioning IT
website and a copy of the raw data in paper form will be available for reading
in Jim Davis’ office.
One of the key lessons learned through this process is that (IS-3)
standards are interpreted differently and therefore may not be applied
uniformly. There was a CSG suggestion to use the Minimum Security Standards for
Networked Devices as a starting point in defining minimum data security
standards.
Some next steps for this project include: identifying appropriate
analytical filters to apply to the data; proceeding with surveys of Academic
Technology Services (ATS)/Administrative Information Systems (AIS) and Business
and Administrative Services (B&AS) data centers; and planning for Phase II
of data gathering.
2)
Proposed Campus Backbone Network Service
Level Agreement
This document integrates the various expectations stated in multiple
agreements.
CSG Action:
·
Review
the draft Campus Backbone Network Service Level Agreement: http://www.csg.oit.ucla.edu/documents.htm#August2005
and send comments to Mike Van Norman by September 13.
3)
Applied Security Task Force Update
The ITPB and the CSG have proposed forming an Applied Security Task
Force to become an authoritative security resource for the campus. The task
force will be made up of distributed technologists. The Office of Information
Technology (OIT) will provide support resources to include logistics, meeting
coordination, web site development, technical representation, and operational
oversight. Communications Technology Services (CTS) will provide incident
tracking and reporting, network operations coordination, and technical
representation. As a distributed technology board that is representative of
both academic and administrative operations, the CSG, acting as the steering
committee, will review and approve plans and provide ongoing guidance and
input.
The core of the Task Force will comprise nominated IT professionals that
work primarily for local units (do not have campus-wide responsibilities at
this time) and who have security design and/or practical application of
security methods as part of their job responsibility. Modeled after the
extended PDP Data Centers Data Gathering project, the members of the Task Force
will be compensated for 4 hours per week through a one year dual-employment
staffing agreement (the model will vary to accommodate differences in
department employment policies). Participation will require departmental/manager
approval.
The CSG agreed to proceeding on an open application nomination
process.
CSG Action:
·
Send
nominations/applications to Marsha Smith by September 10, 2005.
4)
Next Generation Network Team Update
Deferred.
5)
Anti-Spyware Agreement Update
With UTIPP funds left over from the Sophos agreement, the campus is
moving forward on negotiations with Webroot for their anti-spyware product.
Distribution and support is modeled after the Sophos agreement. A Fall quarter
launch is targeted. With participation from the campus Help Desk Group, and in
parallel with final negotiations, testing and roll-out plans are also being
developed.
6)
UCOP Protected Data Security
The UC Information Security Work Group Report was issued on August 9,
2005. It contains recommendations for establishing roles, responsibilities and
accountability for safeguarding restricted data, including recommended actions
for individuals.
CSG Action:
·
Read
document in preparation for detailed discussion at the September 27th
CSG meeting. The Mullinix 8/17/05 memo and the UC Information Security Work
Group (8/9/05) Report are posted at: http://www.csg.oit.ucla.edu/documents.htm#August2005 .
7)
Circuit City Hardware/Software
Recommendations for UC Locations
Circuit City’s website lists the names of several UC campuses,
including UCLA, in “The College Computer Guide”. The implication is that the
configurations listed meet the minimum requirements of these schools. UCOP has
issued a ‘cease and desist’ letter to Circuit City because they do not have
permission to use the UC name.
Meeting Schedule for
Remainder of 2005:
|
Tuesday |
September
27 |
2:00
– 4:00 p.m. |
2121
Murphy |
|
Tuesday |
October
25 |
2:00
– 4:00 p.m. |
2121
Murphy |
|
Tuesday |
November
22 |
2:00
– 4:00 p.m. |
2121
Murphy |
|
Tuesday |
December
20 |
2:00
– 4:00 p.m. |
2121
Murphy |