Presentation is loading. Please wait.

Presentation is loading. Please wait.

IT Development Initiative: Status & Next Steps

Similar presentations


Presentation on theme: "IT Development Initiative: Status & Next Steps"— Presentation transcript:

1 IT Development Initiative: Status & Next Steps
Tom Jackson Vice Chancellor of Information Technology and Chief Information Officer Campus IT Forum November 28, 2018

2 Agenda IT Development Initiative Information Resources Inventory
Data Governance and Resource Risk Classification Security Education Technology Update IT Audit Preparation Next Steps ncat.edu

3 IT Development Initiative

4 IT Development Initiative
ISO Standard Policies, Operating Standards and Baseline Procedures Information Security Management Projects to address IT security Compliance Information Security Assessments Staffing and Organization Filling IT leadership positions Technology and staff consolidation ncat.edu

5 ISO Standard Governance Policies Operating Standards
Enterprise Applications Governance formed Information Security Advisory Committee formed Information Security Incident Response Committee Academic/Client Advisory Committee to be formed Winter 2019 Policies Information Security Policy Updated November 16, 2018 Appropriate Use Policy adopted November 16, 2018 Operating Standards Incident Respond Standard developed and in use Access Control Standard developed Endpoint Security, Server Security and other standards under development ncat.edu

6 Information Security Management
Projects Eleven (11) completed, thirty-two (32) in progress or pending Vulnerability Scanning Third scan in progress Scan results have identified remediation projects Remediation Projects Two (2) completed, five (5) in progress or pending Projects added as issues identified Penetration Testing Began in November ncat.edu

7 Completed Project Accomplishments
Information Security Management Completed Project Accomplishments Security Projects Perimeter firewall upgrade Virtual Private Network (VPN) upgrade Core fiber loop Second NC-REN connection Craig Hall core switch migration Vulnerability Scanning Third scan in progress Remediation Projects CHHS server Employee Domain ncat.edu

8 In Progress Remediation Projects Security Education
Information Security Management In Progress Remediation Projects Banner database security Wendover endpoints Campus A/V systems ITS servers Network Security Network switch upgrade Network Access Control (NAC) Network device configuration management software Security Education KnowBe4 Training Data Stewards Training Office 365 Multifactor Authentication ncat.edu

9 Compliance Resource Inventory Information Security Assessments
Initial collection began with information security assessments Information Security Assessments Performed annually on each unit that manages technology First round Twelve (12) divisions and colleges assessed in 2018 Seven (7) divisions will be completed in January 2019 Assessments will flow into Information Security Program Reports and Roadmaps will provide guidance for compliance Information Technology Risk Assessment Spring 2019 ncat.edu

10 Information Security Assessments Conducted
Compliance Information Security Assessments Conducted Athletics Bluford Library Business & Finance Enrollment Management Human Resources Information Technology Services Strategic Planning and Institutional Effectiveness Student Affairs College of Agriculture & Environmental Science College of Engineering College of Science & Technology Joint School of Nanoscience and Nanoengineering ncat.edu

11 Staffing and Organization
Leadership Positions Filled Director, Client Technology Services Director, IT Project Management and Business Operations Director, Network and System Administration Hiring in Progress Associate Vice Chancellor for Data Governance and Business Intelligence Director, Enterprise Applications Associate Vice Chancellor for Information Technology and Deputy CIO ncat.edu

12 Staffing and Organization: Consolidation
College of Health and Human Sciences Consolidation in progress File services migration Domain migration Workstations Consolidation pending Staff ncat.edu

13 Information Resources Inventory

14 Information Resources Inventory
Data Hardware Software Must be maintained by division, college or department Provide regular updates to ITS Some inventory collected for information security assessments Remaining inventories to be collected Winter 2019 ncat.edu

15 Data Governance and Resource Risk Classification

16 Data Stewardship and Classification
Data Governance and Resource Risk Data Stewardship and Classification Data Classifications Added to Information Security Policy Determine the risk level of resources Resource security based on risk Basic level for all resources Additional security for resources with confidential or sensitive data Standards Data Governance Risk Management Planned for Spring 2019 ncat.edu

17 Security Education

18 Training Mandatory for all employees
Security Education Training Mandatory for all employees General training for all employees Specialized training System Administration Application Administration Data Stewardship KnowBe4 training software Begins in Winter 2019 ncat.edu

19 Technology Update

20 Technology Update Banner 9 Admin Pages in production
Banner 9 Self Service starting Winter 2019 Banner Document Management in production in seven (7) departments Web Site redesign underway Planned go-live summer 2019 Network access layer upgrades Network Access Control (NAC) and configuration management Classroom and computer lab updates ncat.edu

21 IT Audit Preparation

22 Audit Preparation Identify risks Prioritized plan to address risks
IT Audit Preparation Audit Preparation Identify risks Prioritized plan to address risks Show progress towards addressing risks ncat.edu

23 Identify Risks – Information Security Assessments
IT Audit Preparation Identify Risks – Information Security Assessments Based on ISO international standard Resource Inventory Completed 12 Assessments, 4 pending Several Processes In Place Immature Need documentation Need addition staff training in processes ncat.edu

24 Next Steps

25 Next Steps Continue development of governance
Continue creation of policies, standards and processes Complete first round of information security assessments Complete current projects Develop multi-year roadmap Finalize after division and department assessments Align with strategic plan and strategic priorities Align with enterprise risk management plan ncat.edu

26 IT Development Initiative
Status and Next Steps Questions? ncat.edu


Download ppt "IT Development Initiative: Status & Next Steps"

Similar presentations


Ads by Google