IRMC MEETING MINUTES
December 18, 2003
Room 205 K-State Union
Erik Ankrom, Tony Crawford, Mike Haddock, David Hillier, Bryan Kraus, Gary
Leitnaker, Jane Rowlett, Gail Simmonds (via video conferencing), John Streeter,
Roger Terry, Harvard Townsend, and Dean Zollman.
Cochran, Yar Ebadi, Kurt Gartner, Terry King, Laurel Littrell, Larry Moeder,
Beverly Page, Keith Ratzloff, Cheryl Strecker, and Sue Zschoche.
Chair Littrells absence Jane Rowlett opened the meeting at 1:30 p.m. and
introduced Warren Strauss, Director of Internal Auditing.
of the November 13th meeting were read and approved.
- Harvard Townsend reported that
password change would occur January 1 February 11, 2004.
- No one
participated in the EDUCAUSE free online seminar.
- Rowlett reported that with the help
of Warren Strauss, the IT Policies are now posted in the Policies and
Procedures Manual (PPM). Links to these
policies have been directed to the PPM.
- IT Audit Warren Strauss gave an
overview of the audit that was conducted by the Federal Auditors. Their findings indicated concern for the
departments on campus that have their own systems and the lack of control over
them. In response to this audit,
Strauss met with Tom Rawson and Beth Unger regarding the need for an IT
auditor. Rawson and Unger are currently
reviewing an IT auditor position description based on the Federal Information
Systems Audit manual.
- Disaster Recovery Plan (DRP) John
Streeter gave background information on the development of the first DRP. The DRP identifies the weak spots but does
not provide a plan to correct these potential problems. Streeter expressed the need for continual
updating to this plan and the lack of time and resources to adequately
accomplish the updates. Rowlett
indicated that the State of Kansas requires a DRP to be on file, at least at
the BOR. Roger Terry suggested that the
new positions (IT auditor and IT security group) be given the function of
looking at the DRP to ensure its compliance.
Streeter will begin updating the DRP.
Leach Bliley Act Jane Rowlett gave background of this Federal Trade
Commission act that required compliance on May 23, 2003. The GLB applies to KSU because we deal with
student loans, personal tax information, and credit card transactions on
campus. Tom Rawson, Dick Seaton, and
Beth Unger developed the KSU Information Security Plan in response to the GLB
Act. Harvard Townsend suggested the IT Security
Group review and comment on the KSU Information Security Plan.
- Security Harvard Townsend provided
an update of the computer crime that was committed against KSU.
Updates and Assignments
- Web Issues Jane Rowlett reported
there is a group that will be meeting to discuss the accessibility of mediated
Portal Development Team is planning on beta testing the K-State portal in
January or February. Rowlett described
portal polices that will need to be addressed, such as, portal branding, style
guides, and page development.
Gary Leitnaker reported that the group had not yet met but would review the GLB
Act before the January IRMC meeting.
- III Data Resource Stewards will be
meeting in January 2004 and will also review the Kansas State University
Information Security Plan.
Harvard Townsend reported the dot matrix printers, currently available in Hale
Library for students use, will be removed in March 2004. However, in January the introduction of
laser printers will be made. The
students will be able to print 100 free copies on the laser printers per
semester with cost for additional copies being 10 cents per copy. Some cost adjustments may be made after the
use is analyzed.
Roger Terry inquired about the Microsoft class action suit. It was suggested having Cheryl Strecker give
an update at the January IRMC meeting.
January Agenda items:
on the Microsoft class action suit
on the implementation of electronic submission of theses and dissertations.
The meeting was adjourned at 2:45 p.m.
Future IRMC meetings (1:30 3:00)
29, Union 204
18, Union 205
15, Union 205