MOKABUG 2009 – Information Security by Committee

November 19, 2009 rainstho

Implementation of information security practices as committee-based work at Missouri State University. At MSU, an Information Security Executive Committee was formed with each VP and C-level position represented.

The committee is structured around the following assumptions.

  • The individuals represented are considered decision makers for campus governance.
  • Each Member should report to their sponsor.
  • Give IS staff access to all areas of the University.

 

ISEC Goals

  • Develop a request for proposal to solicit external security assessment consulting services
  • Review and enhance existing policies and develop new policies
  • Develop effective marketing and education plans to inform and raise awareness
  • Develop a response plan for security breach
  • Develop desired security characteristics (Shared Vision)

**Side Bar** Title III Grant Used to Assess Security Management Practices – Interested to see the grant proposal

At MSU, ISEC reports to the CIO. There is an active Information Security Office. Within the unit there are three employees: (1) ISO, (2) Compliance Specialist and (3) Graduate Assistant.

Committee Membership

  • Legal – Keep this relationship good
  • Internal Audit – They know everything that is going on; Actually represent the University president; Dual reporting – President and Board.
  • Finance – PCI and ERP
  • Faculty – Need to know what they are doing and why. Academic and Faculty Senate Representation (Not Decision Makers – Exception to the rule)
  • Campus Security
  • Staff
  • Student – One from the Student Government Association
  • Medical – Due to HIPAA
  • All Campuses
  • Need Non-Technical Members (Average Users)
  • **WHAT ABOUT STUDENT REGISTRATION**

Subcommittees

  • Play an important role
  • Subcommittees give products to main committee
  • Policy Subcommittee
  • Awareness and Training Subcommittee
  • Ad Hoc Subcommittees too!

Liaisons

  • Another type of committee
  • Internal rather than external
  • Can be a tremendous help! Keep them interested!
  • Communicate with them – Get Feedback and Act on It!

ADVICE

  • Maintain a strong agenda
  • Meet regulatory
  • Keep at a high level
  • Let them help! – MAKE SURE THEY DO!!!
  • Be Visible – The institution community should know you; Make sure committee is listed in a directory

Realities

  • Members are busy
  • Difficult to get high ranking meeting
  • Meetings must be run in a concise manner
  • A product should come from each meeting
  • Each member is directly affected
  • Most members are not technical (SharePoint) – Members hate it.
  • They will speak their mind!! Let them!!

—————

Good presentation. Provided valuable insights into the management of an information security committee.

Regards,

TJ

MOKABUG 2009 Session- Evisions and Argos Reporting Suite

November 19, 2009 rainstho

This morning I attended the Evisions and Argos Reporting session at MOKABUG 2009. Through the session, the presenter provided a high-level review of the Evisions Argos Product. Overall the presentation was informative and provided the necessary information to adequately compare the features and functions of Argos to other common reporting tools including Cognos.

Evisions facts

- Founded in 1996

- 100% dedicated to Higher Education

- Specifically built for the Banner platform

- 800 + Banner Higher Ed Customers

- Offer world class support – Technical support staff come from higher ed

- Advanced Collaborative SunGard Partner

- User Community Involvement in development prioritization

Argos Features

- Reporting solution with ease of use as the primary function

- Scheduling and Delivery with Report Bursting

- True enterprise license, across all users, types and database types

- Advanced Features – OLAP, Forecasting

- Interactive Dashboards – Drill Down Functionality

- Advanced Features – Open API for Integration within other Applications

Argos Configuration

  • OLE DB connectivity based (Access, Oracle, SQL Server, any OLE DB accessible data source)
  • Datablock based system – Similar to Cognos Packages, Mid-Tier Data Access

Training and Professional Services

  • Online training is available to customers. Online, Live, Interactive, Recorded, Unlimited Free Access for existing customers.

Argos COOP

  • User Community. Online library of datablocks and reports – Free to Us

Perspective on the Argos Application

- Solid support/training and community available to customers. Customer generated data blocks (packages available for customer usage)

- Customer oriented support process

- Not as intuitive as Cognos 8

- Quick view reports are terrific options for query pages to be delivered through SSB…. if possible?!?!

Regards,

TJ

MOKA BUG 2009 – SunGard’s Future Direction

November 19, 2009 rainstho

This morning, Paul Setze, SunGard VP of Services, delivered the keynote address for the MOKA BUG 2009 Conference. The focus of the session was to review changes in service and support delivery. The following represents key points reviewed in the session.

Open Digital Campus: Vision for the Future

  • Past: Built business on core ERP systems built upon robust technology framework (Oracle).
  • Current Expectations: New products, services and support

Future: Provide solutions that better map to pain points and satisfy specific needs

  • Lighter modular functions
  • Flexible delivery models (SaaS)
  • Modern Tech Tools – SOA, RIA, Cloud Computing, Business Process Platforms
  • By keeping things modular, Sungard is able to scale solutions up or down depending on institutional needs

Shortest Distance to meeting customers' needs

  1. Focus on Customers First
  2. Cultivate Community Involvement
  3. Extending Campus Environments
  4. Flexible, Iterative and incremental in delivery
  5. Innovating with new products and services

Issues:

  • Inconsistent UI
  • Usability Features
  • Not Enough Flexibility
  • Too Few Options
  • Current Solutions insufficient to meet all customer needs
  • Meaningful exchange between customers and vendor
  • Ability to share innovations (Community Driven)

UI Modernization Goals

  • User centric design approach
  • Improve usability through consistent, effective design
  • Deliver an appropriate
  • Move away from Oracle Forms…. Moving to Flex and HTML 5 for all products

Consolidation of user interfaces

  • Consistent streamlined and personalized user experience
  • Rich interactions.

Common Platform Planned for Q4 2009 (SSB)

  • Common UI Platform = Consistent User Experiences
  • Common header, footer, look/feel, nav and help
  • Transformed UI will run inside the platform
  • End of 2010 – Common UI delivered across all products

Sungard Strategies

  • Hosted Applications – Q4-2009/ Q1-2010 (SaaS)
  • Evaluation of the Banner Enrollment Management Suite – Q3-2009 (Modular Development)
  • Community-Source Unified Digital Campus – Q4-2009/Ongoing

New Products – SALES PITCH!!

  • Flexible Registration - Simple on Demand web based system; allows learners to register and pay for credit and non-credit classes; supports traditional and non-traditional learners; is an extension of Banner; does not break existing processes; minimal administrative oversight; See Sungard Site for further information on the features!
  • Signals – Helps instructors identify at risk students early in the semester; Early intervention leads to improved performance, increasing the number of Bs and Cs; Benefits – Early notification and behavior changes; integration to courseware.
  • Relationship Management – Change in strategy, open the environment for relationship management across the institution (Prospects, Students and Alumni), Bolt on Applications are coming
  • UDC Academy - Online interactive training program – Banner Finance, Student, Financial Aid and Human Resources – Instructional videos, tutorials, exercises, review questions

Technology Management Services

  • Tech Services Advisory Board – Made up of current customers to guide the development of professional services towards IT Management Professional Services. Areas of Focus – Security Management

Regards,
TJ

Facebook Architecture – High Performance at Massive Scale and Other Resources

November 17, 2009 rainstho

Finding information on the technical architecture of Facebook has proven to be a challenge. Though it is common knowledge that the Facebook application was built and deployed on LAMP (Linux, Apache, MySQL and PHP), the specifics concerning Facebook’s customization of the stack are not publicly available. And so the search began.

The following resources provide an inside view on Facebook’s technical architecture and the challenges faced in scaling the application and architecture to meet current user load demand while maintaining high performance.

Facebook: Science and the Social Graph -

 http://www.infoq.com/presentations/Facebook-Software-Stack

Summary
In this presentation filmed during QCon SF 2008, Aditya Agarwal discusses Facebook’s architecture, more exactly the software stack used, presenting the advantages and disadvantages of its major components: LAMP (PHP, MySQL), Memcache, Thrift, Scribe.

—————————————————————————–

High Performance at Massive Scale: Lessons Learned at Facebook 

http://video-jsoe.ucsd.edu/asx/JeffRothschildFacebook.asx

Summary
Facebook has grown into one of the largest sites on the Internet today serving over 200 billion pages per month. The nature of social data makes engineering a site for this level of scale a particularly challenging proposition. In this presentation, Jeff Rothschild discusses the aspects of social data that present challenges for scalability and will describe the core architectural components and design principles that Facebook has used to address these challenges. In addition, Jeff discusses emerging technologies that offer new opportunities for building cost-effective high performance web architectures.

Regards,

TJ

Web 2.0 B2B – Social Media Map

November 8, 2009 rainstho

I recently stumbled across the following document that portrays the current B2B Social Media and Web 2.0 landscape in an integrated and well categorized manner.

Regards,
TJ

Web 2.0 @ Work… Benefits and Security Implications

November 8, 2009 rainstho

Within the current web landscape, many different Web 2.0 tools are available for both personal and business related purposes. These tools are often freely available and can provide significant benefits in enabling virtual team collaboration, enhanced communications and collaborative document management. While the potential benefits are great, the potential for data and information security related issues, such as data breaches or system compromises, is equally great and must be managed accordingly.

The use of Web 2.0 tools @ work was surveyed in a recent Dynamic Markets research study. The focus of the study was to determine IT Management perceptions and understanding of Web 2.0 tools while assessing organizational security preparedness in a post Web 2.0 world. The following key findings provide an IT oriented perspective on current perceptions and security awareness in the use of Web 2.0 tools in the workplace.

- 95 percent of respondents currently allow employee access to some Web 2.0 sites and applications – most commonly webmail, mashups and wikis.

- 62 percent of IT managers believe that Web 2.0 is necessary to their business.

- 86 percent of IT managers reported feeling pressured to allow more access to more types of Web 2.0 sites and technologies.

- 30 percent of respondents reported pressure coming from C-level executives and director level staff.

- 34 percent reported pressure coming from marketing departments.

- 32 percent reported pressure coming from sales departments.

These survey results provide insight into the use and future use of Web 2.0 tools in the workplace. In essence, Web 2.0 tools are here to stay and organizations must be well prepared in the areas of security policy, use guidelines and enforcement methods to ensure the appropriate use of such tools in a business environment.

Cheers,

TJ

Future Direction of Web 2.0 Social Networking Tools… Mass Integration

November 5, 2009 rainstho

Web 2.0 social networking technologies provide significant benefit to individuals and organizations in providing mechanisms for maintaining personal and business oriented contacts and communications with internal and external stakeholders. As products mature in terms of feature offering and integration, the benefits will only increase.

Two words can describe the future of social networks: Mass Integration. Many IT forecasters, including Gartner, view social networking as being the conduit for future web interactions and communications. Social networks will continue to consume the user’s experience on the web as the tools and technologies are integrated into existing and future business applications.

Social networks, in terms of technical evolution, are often compared to the Web Search tools (Google, Yahoo!, etc.) that were introduced during the infancy of the web. These tools revolutionized the ways in which information was indexed, retrieved and utilized. Social networks have the potential to impact web usage in a very similar fashion. Rather than information being purely indexed based upon static categorization techniques used in search tools today, social networks can provide a social context to web based information. This context will enable improved efficiency in the search and use of web based information as related to a specific demographic, group or network.

Just as web search providers such as Google and Yahoo! revolutionized the information indexing, retrieval and use processes, they also invented a search based advertising and marketing model. This same model has been applied at greater depth to social networks and will continue to provide businesses with mass marketing and advertising opportunities previously unavailable.

In essence, social networking is the new web and will eventually become as openly accessible and utilized as web search tools are today.

Regards,

TJ