Wednesday, December 9, 2015 - 12:00pm to 2:00pm

Location Details: 

Information Technology Dept.
Room 438
4201 Normandy Street North
Bismarck, ND 58503

Meeting Agenda:

 

Time Topic Presenter
1:00 Update on EA Activity Jeff Quast
1:20 Update on ITD Activity Gary Vetter
  • Brown Bag Lunch - review
  • Desktop SLA
  • Application Inventory Feedback
1:40 Security Roles and Responsibilities Dan Sipes
2:00 Legislative Mobile App Demo Kyle Forster
2:20 Encryption Standard Draft Jeff Quast
2:30 Password Reset Rights Gary Vetter
2:40 Remote Support Tool Jeff Quast
2:50 Future Agenda Items  

 

Meeting Recap:

Update on EA Activity
  • Security Architecture Recap
    • Topics included data encryption, service desk password resets, prioritization of enterprise security initiatives, and ITD’s future strategic security initiatives.
  • Data Architecture Recap
    • Topics included MS SQL upgrades and a Digital Archives Repository.
       
  • Application Architecture Recap
    • Topics included the progress on developing an enterprise Application Inventory and continued updating of the Web Development Best Practices document.
  • Technology Architecture Recap
    • Topics included end of support for older versions of Internet Explorer, the use of WSUS and other tools to manage patches and updates, and further work on a new standard to combine the EA Desktop OS and Critical Updates standards.
       
  • The ITCC was reminded that ITD now offers an Enterprise Password Management service at no cost to agencies.

 

Update on ITD Activity
  • Brown Bag Lunch – a review of Gartner’s top 10 predictions
    • Some of the noted predictions included the authoring of content by machines, 95% of cloud security failures being the fault of the customer, and non-human agents creating 5% of all financial transactions.
  • Application Inventory
    • ITD has been calling agencies and sending requests for them to complete an application inventory worksheet that collects high-level basic information for their main systems or applications. The goal is to have all information returned by the end of December.

 

Security Roles and Responsibilities
  • Dan Sipes presented a draft matrix that documents the roles and responsibilities that ITD and an Agency have from a security perspective. He will also discuss this at the January 11th Cyber Security Task Force meeting.
  • The concept of agencies possibly scoring the security of their agency using self-assessment was also discussed. This is something many other states are doing, and it could become part of the biannual IT planning process.

 

Legislative Mobile Application Demonstration
  • Kyle Forster provided a demonstration of a new mobile application that was developed by ITD. The mobile app will be used by legislators and will be available for public users soon. It provides an easy-to-use interface to track meeting schedules, bills, sponsors, etc. Detailed bill information is launched in the default web browser, displaying the same information as the Bill Tracking system on the legislative web site. The application runs on iOS and Android devices and will be available in the respective app stores before the next session begins.

 

Encryption Standard Draft
  • A draft of an updated EA Encryption standard was presented and discussed. The changes to the standard include requirements to encrypt sensitive data at rest and sensitive data on removable media. It will be discussed further at the next Security Architecture meeting.

 

Password Reset Rights
  • The group discussed the permissions that the ITD service desk has or should have to enable and disable Active Directory accounts. Currently, ITD has that permission for some agencies and not for others. The ITCC generally agreed that permission to enable across the domain would be fine since ITD would have internal policy to never enable accounts unless the proper process was completed.
 
Microsoft - Windows 10 and Internet Explorer 11
  • Microsoft has recently indicated that the Windows 10 update may be moved from the optional list to the recommended list. This means that non-enterprise licensed machines that are not using WSUS to apply updates could have Windows 10 installed without the user initiating it. A group policy can be used in AD to prevent the update from installing until the agency is prepared for it.
  • All versions of IE older than version 11 will be unsupported after January 12, 2016. The group discussed the importance of removing all of the unsupported versions before that date, and the concerns about some applications that require older versions of IE or do not work properly in IE 11. To ensure computing devices are secured properly, options include:
    • Test all critical applications with IE 11 and work quickly to resolve any issues if possible.
    • Test applications that experience issues with IE using Compatibility Mode.
    • Use an alternate browser like Chrome or Firefox for applications that do not support IE 11.
    • Switch to an alternate browser as the agency’s default browser for all applications.

 

Remote Support Tool
  • This topic was on the agenda but was tabled due to lack of time.

 

Attachments: 
ITCC-20151209-Presentation (PDF)