March 17, 2017 Meeting
Agenda
INFORMATION TECHNOLOGY COUNCIL MEETING
March 17, 2017
Science 11
10:00 AM to 11:00 AM
- Review of Data Recovery Plan
A brief review of the Data Recovery Plan that was distributed in December 2016.
- Ransomware Guidelines
A discussion about Ransomware including what it is, tips on how to avoid attacks and steps to resolve infections as suggested by the CCC Chancellor’s Office.
- Security Steps for Users
A group discussion about information security including use of complex passwords.
Minutes
Members Present:
Adrian Agundez, Bill Devine, Shelly Getty, Mark Gibson, Dana Hicks, Richard Hudson, Abbas Jarrahian, James May, David Mitchell, David Reynolds, Tiffany Rowden
Members Absent:
Dan Hall, Nicole Avina, John Dodson, John Eigenauer, Aldrin Luben, Brock McMurray, Robert Meteau, Mark Williams
Guests:
There were no guests.
Facilitator:
Adrian Agundez
Recorder:
Dana Hicks was meeting recorder.
Meeting Called to Order:
The meeting was called to order at 10:05 am.
Minutes
- Starting off the meeting, Adrian asked the group to acknowledge the minutes from prior meeting. Please let Dana know if there are any corrections, adjustments, etc.
Disaster Recovery Plan
- A revised version of the Disaster Recovery Plan for the campus was sent in an email prior to the meeting. The premise of having this plan is if a disaster happens such as a fire, we will have a plan of action of what we need to do first to keep Taft College up and running for our students.
- Adrian asked the group to read through the DRP once again to make sure the plan is as complete as can be before he submits the plan to Dr. Daniels.
CCCC Ransomware Incident Report
- The CCC Chancellor’s office sent out a report on Ransomware that is to be used as a new guideline for IT offices to follow. The reason for this guideline to be used is due to the recent ransomware cases that happened to other campuses. This guideline that IT will be using is to inform every one of the level of transparency that occurs in cases of Ransomware. The hard parts of implementing this guideline is the process of how and when IT will learn about the incident, how fast IT will respond, and how fast will IT get the issue off the network to prevent further damage. Part of the report sent by the Chancellor’s office includes a 4-page incident response datasheet that will help organize an action plan to take if and when a case of ransomware occurs.
- Adrian is looking at adopting this ransomware guideline for the District. For right now this plan is a recommendation, issued by the Chancellor’s office, but also tells Adrian this’ll soon be a mandatory guideline. Mark and Adrian are part of the Chancellor’s Security Group. Per Mark, the Chancellor’s office is looking at ways to mitigate chances of ransomware attacks including restrictions of email and restrictions of computer macro use. Mark informed the group of cases where computer users are severely limited of what they can control on the computers they use. The users would merely only be able to log-on to their computers and that’s it; the users couldn’t install apps or make any changes. Mark hopes our campus would not go to that level. A copy of both the Ransomware Report and the Response Datasheet was emailed to the group prior to the meeting. Adrian will be reviewing the handouts with the group at next meeting in April.
Password Update Procedure
- Another goal Adrian has by next meeting is to present new password guidelines. These guidelines will include rotating/changing passwords every six months and changing the quality of the password to be more complex.
- What Adrian would like to see the campus practice when requesting IT services is this: the requestor should change the password for IT use and when IT is finished, change the password again.
- Adrian shared information from the State Attorney General’s office informing everyone that it is now illegal for employees to share password information. This is a new California state law that just went into effect.
- Adrian will be using this information about passwords to form password guidelines before next meeting in April.
Office 2016 for Fall
- Plans are still on track to implement the Office 2016 upgrade in the Fall. Most of the preparations will occur in the Summer. The bookstore has been informed to begin buying Office 2016 books. It is unclear if Mathtype will work with Office 2016 at this time. Adrian will look into Office compatibility with Mathtype.
Adjournment:
The meeting was adjourned at 10:53 a.m.