Forum Replies Created
AuthorPosts
tjmParticipant
Thanks for the comments. There has been a significant change to this standard from the original post. The changes to the new standard emphasize the requirements for UNM owned devices that access sensitive, protected data. We’ve shortened the security standard from a 200-page FBI document to a two-page document vetted by Security. An enterprise antivirus/antimalware that is managed is part of security requirements. If departments choose to use something else for computers accessed only by students, this standard doesn’t apply in that situation. The lifecycle of equipment is a recommendation, not a must have. Operating systems will dictate hardware requirements as they go end of life.
As for AD authentication, yes, there will be necessary hardware, such as dongles, to attach to the wired network. We are working the AD authentication through wireless so the hardware won’t be necessary at some point. Joining the colleges domain is the first level of security for those of us who have access to protected, confidential data. For those situations that require equipment that communicates to an EOL operating system and need to be attached to network – let’s talk. Risk assessment for the potential of data loss would be assessed. The cost to upgrade equipment or related software would also be part of that assessment.
The goal of this standard is to ensure we have appropriate security around different types of data. For compliance, that has yet to be determined. At a minimum, devices that do not meet the standard may be denied access to highly confidential, protected data.
tjmParticipant
This standard will be rewritten and up for review during the Group 4 period. Many suggestions will be considered as well as a title change. My plan is to start up monthly meetings to review this standard beginning in July to gain broader feedback and revise the standard. Right now, let’s target December for a revision.
Thanks,
TJ
tjmParticipant
UNM IT does have an SLA for managed workstations. Since this is a supplemental service, the standard is up for review and comment. It is based on the SLA we provide customers who are part of the managed ws program. As for antivirus/anti malware, the solution offered by UNM IT is a managed solution that works with Windows, Mac and Linux operating systems. This is preferable over Windows Defender that is not managed and only works with a specific OS. UNM IT is working to open up AD ports to the wireless network. As for grouping devices such as classroom computers, printers, etc – we originally thought it might work that way. We felt it was better to call out UNM owned workstations as a separate standard because these are the devices that UNM employees would use to access protected data. This standard, as much as possible, is focusing on preventing data loss through UNM owned devices. Of course, this is just one level of security to keep data protected.
tjmParticipant
Regarding the end user device standard, based on feedback, we will be updating it. At this time, I am going to suggest we allow more time to review the updates before sending on to ITSAC.
Thanks.
April 1, 2016 at 9:59 am in reply to: Inclusion of UNM community in the Standards and SLA comment process #677
tjmParticipant
In regard to compliance, the compliance process is under development. In my opinion, some of the standards would benefit more from a maturity level assessment of compliance than from a true/false compliance. Additionally, as security standards are being discussed and developed, people using devices to access protected data will be required to follow appropriate standards.
tjmParticipant
I am going to try my best to reply to all the questions!
The standard calls for UNM owned devices to be joined to UNM’s domain. The driver behind this statement is to set up a first layer of security. As we talk about access to protected data of any type, devices, whether personal or UNM owned, that do not meet certain criteria, will not be granted access to this data. Encryption will come into play as these discussions continue regarding data classification and the access to such data.
This standard applies to virtual desktops. Any non-Windows tablet owned by UNM will fall under mobile device management to access protected data.
I agree a 200 page document should be condensed. We will work with Security to get a security standard for end user devices developed and vetted in the coming months.
The WSUS is available and scalable for campus.
Any OS that is end of life, no longer supported, must not connect to the UNM network.
For those of you who have workers off site, if they are working with protected data, they must have a way to get updates, scan the computer for viruses, and must have access to KMS. Let’s talk if you have these situations.
Symantec is available for Windows, Mac, Linux. All three OSes have personal firewall functionality.
Wireless at this time does not allow for AD authentication. It is on the roadmap.
As for compliance, that process has not been fully designed. In my opinion, this standard would not be a true/false statement but more of an assessment of maturity or levels of compliance.
- This reply was modified 8 years, 8 months ago by tjm. Reason: correct an grammar error
tjmParticipant
Chad — Hi, sorry for not responding earlier to your comments. I am trying to review all comments related to customer service! Please, at any time you are not receiving appropriate communication or timely services, feel free to reach out to me. I will do my best to get things moving!
tjmParticipant
Andrew – depending on the age of the device and operating system, a department may choose to keep the service and assign to another employee.
tjmParticipant
Chad –
I certainly appreciate the effort you’ve taken to craft this response. You have identified areas for process improvement which I am always open to incorporating into our efforts.
In regard to customers not responding when details are requested, a great majority either have their problem resolved or there is a separate process followed in their department. For example, only the UH Communications group can submit incidents related to phones for hospital customers. UH Communications tries to solve the issue first before calling UNM IT. I would say escalating to department heads for non-responsive customers would not add value. I do agree that it is appropriate to escalate when UNM IT is unresponsive. For those types of issues, there is an escalation section in the SLA. Here at UNM IT, we are having conversations about response times and communication to the customers. We understand the importance and strive to improve in those areas. Thanks again for your feedback.
tjmParticipant
Chad –
In each SLA, you will find response times associated with priorities of Incidents. I appreciate the struggle of not receiving responses to tickets in a timely manner. Please know each team reviews aging tasks to either get them completed or provide communication to the customer. I will share your feedback during our next group review of aging tasks.
As for service requests, we also monitor those for open tasks but we have not established response times. Each unique service request may take a different amount of time to fulfill. We have the data and will be establishing and publishing fulfillment times – it is on our roadmap for this year.
I certainly acknowledge that we have improvements to make in our communication on individual tickets. At any time, you are free to call the Service Desk for a status check, call the Customer Service Manager listed on the SLA or contact me when there are concerns about the amount of time a ticket has been open or you’ve received no communication from us.
Thanks.
tjmParticipant
Thanks for the comments, Chad. In reading the SLA and the section you’ve pointed out, we are referring to functional escalation. Escalation might not be the right word to convey our meaning. This bullet refers to assigning tasks to teams beyond the Service Desk for resolution or fulfillment.
UNM IT is working hard to provide information to the Service Desk in order that they may resolve issues much faster to minimize functional escalation. We are focused on first contact resolution rates – resolving more at the Service Desk. Obviously there are issues the Service Desk cannot resolve and must be assigned (escalated) to a technical team. We will reword that bullet to better reflect what we are trying to achieve.
As for closing tickets after five days, we attempt to contact the customer multiple times – at a minimum two to three times before the ticket is closed. A majority of the time, the customer calls in and doesn’t have enough information or realizes there is an alternative process. They do not call back to say all is well as they are aware tickets are automatically closed. We send emails to inform them that we need more details or ticket will be closed.
We do provide communication to customers when ticket status or priority changes – there is always room for improvement in this area.
tjmParticipant
The first bullet under General overview should be external customer, not vendor.