Tuesday, December 1, 2015 -
1:00pm to 2:30pm

Location Details: 

Information Technology Dept.
Room 208V
4201 Normandy Street North
Bismarck, ND 58503

Meeting Agenda:

  • News and Updates
  • Data Encryption
  • Service Desk Password Resets
  • Final review of Standards
  • Open Discussion

 

Meeting Recap:

Updates and news included:
  • The new Enterprise password manager service from ITD is available for use.
  • Strict enforcement of Challenge Questions began December 1 as scheduled.
  • Testing of the options to detect and encrypt outbound SSN and testing/research on MDM capabilities has been postponed until Exchange 2013 is in place.
Data Encryption
  • An initial discussion at ITCC did not generate much feedback, so the group drafted changes to the standard to:
    • Include a requirement to encrypt sensitive data at rest.
    • Include a requirement to encrypt removable storage if it contains sensitive data.
    • Updated the definitions section for the two additions.
  • The draft standard will be discussed at ITCC and the next Security Architecture meeting.
Service Desk Password Resets
  • The ITD processes to address challenge questions brought to light that the service desk may or may not have the ability to disable and enable agency accounts. It would be easier to manage if the service desk had domain wide rights to disable/enable accounts. There may be concern however from some agencies if ITD had enable rights. The topic will be discussed further at ITCC.
Open Discussion and future topics
  • Microsoft Identity Management and Manage Engine are being considered for a password reset self-service solution.
  • The group has been asked by the ITCC and CIO to assist in ranking the state’s security initiatives in terms of priority and cost.
  • The Security Architecture team would be interested in a presentation of ITD’s future strategic initiatives.