February 2024 Agenda
Meeting Date: February 27, 2024
Time: 2:30 pm
Location: Teams
Remote Attendance: Calvin Feldt, Loree Ramezan, Tommy Smith, Angie Mann, Emmett Brown, Kilbert Spland, Kappe Mumphrey, Craig Woolley, Michele Montero, Parampreet Singh, Andy Maverick, Chris Barrett, Stephanie Rhodes, Jacqueline Bach, Stephen Beck, Mo Carney
Presenters: Katie Bouey
Others: David Alexander, Robin Ethridge, Susan Crochet, Ric Simmons
Opening
1. Administrative Announcements
2. Executive ITGC Updates [Craig Woolley]
Action
3. Approval of the Minutes from the Meeting held on November 29, 2023
Information/Discussion
4. Board of Supervisors Audit Committee Update [Craig Woolley]
5. Grammarly [Craig Woolley]
6. IT100 Request Summary [Katie Bouey]
7. ITS ITGC Project List [Katie Bouey]
- Tiger Card Mobile Credential Project [Craig Woolley, Katie Bouey]
Updates: Sub-Committees & Working Groups
8. Moodle/Technology Survey [Craig Woolley, Jacqueline Bach, Parampreet Singh]
Wrap-Up
9. Information sharing/Announcements [All]
10. Suggested agenda items for future meetings, including ITS topics of interest [All]
11. Next steps/Follow-up items [Chair]
February 2024 Minutes
1. Administrative Announcements
The Chair asked new and current Council members to introduce themselves.
3. Meeting Minutes Approval
November meeting minutes were approved with no revisions. Motion to approve by Chris Barrett; seconded by Andy Maverick.
4. Board of Supervisors Audit Committee Update
Craig shared with the Council a presentation made to the Board of Supervisors concerning IT risks and their mitigation. He stated that he made the Board aware that, though the audit findings are system-wide, it is up to each individual institution to manage those risks as they see fit. Craig stated that all LSU institutions have implemented multi-factor authentication (MFA), which greatly improves security posture. He added that every institution is working on encrypting their devices. Craig also stated that he gave the Board an update on Permanent Memorandum (PM) 36, which is the overarching LSU System IT Security policy that sets the standards and minimum requirements for all LSU institutions. He added that the LSU A&M IT Security policies were last updated in 2011 and 14 new policies and associated standards were put in place in Summer 2023 to replace the old ones. Craig also stated he shared with the Board an overview of LSU System software savings.
Craig also gave an update on the LSU/LONI Security Operations Center (SOC), which functions to mitigate risks. He shared that the SOC reviews events that are anomalous to determine if it constitutes a security incident. Those security incidents are then evaluated to determine what action, if any, needs to be taken. He added that since the approach to incident response is usually reactive, the SOC allows for more efficient and effective incident response. He also shared that the SOC has a public/private partnership with Tekstream Solutions to provide 24x7 monitoring of key IT systems for all Louisiana public Higher Education Institutions. Craig gave examples of anomalous events that the SOC monitors, such as impossible travel and malicious network activity. He shared that there were 2100 incidents over a 30-day period with the majority of them being false positives. Craig stated that the SOC employs students to work alongside Tekstream, and added that Tekstream will also help the students with their resumes, interview skills, and job placement. Craig shared that any school in the state of Louisiana will have the ability to stand up their own SOC and that the SOC on the Baton Rouge campus will serve 25-30 entities across the state.
5. Grammarly
Craig shared with the Council that many faculty, staff, students, and even schools and departments have requested Grammarly. All of those requests have been denied due to security and privacy concerns with the individual version of the software. Craig stated that Grammarly offers an enterprise version that would allow for Single Sign On (SSO) and remove the security concerns. He informed the Council that ITS and LSU Online purchased 5000 licenses and added that SSO is being set up. Craig stated that the AI component of Grammarly is disabled to give time to the various Provost committees researching how AI will impact LSU. He added that communications will be sent out to the LSU faculty and staff once Grammarly is available. Craig stated that Grammarly is not yet available for students. He added that any future enterprise software requests should be proposed to the Council for approval. There was a brief discussion concerning under what circumstances the use of Grammarly is allowed by researchers, the policy in place at the National Science Foundation, and the potential use of a disclaimer for researchers at LSU.
8. Moodle/Technology Survey
Param Singh gave an update on the Moodle/Technology Survey that was designed by Faculty
Senate and ITS and sent out to faculty. He shared that the survey received 658 responses
with 399 faculty members signing up for the incentive to participate. He added that
153 faculty members also signed up to participate in a focus group. He stated that
one of the questions gauged faculty satisfaction with Moodle. More than 46% of faculty
surveyed stated they were satisfied with Moodle with the expectation that improvements
will continue to be made. 31% of faculty surveyed feel neutral towards Moodle and
16% believe an alternative to Moodle should be found. Param stated that interpretation
of the survey data indicates the University should continue to use Moodle. Param also
shared that survey included other questions regarding training and support to effectively
use classroom hardware, availability of educational software, the importance of standardization
of computers issued by departments/colleges at LSU, satisfaction with current IT support
on campus, and use of generative AI in courses. Param also shared next steps which
include sharing the results of the survey with the Faculty Senate Executive Committee,
preparing a report for the Faculty Senate, and putting together focus groups during
the summer.
6. IT100 Request Summary
Katie Bouey discussed the goals and processes behind the IT100 process as well as the software acquisition workflow. She shared the need for the ITS Security review as well as the need for the Data Governance review, which ensure compliance with General Data Protection Regulation (GDPR), Family Educational Rights and Privacy Act (FERPA), and Payment Card Industry Data Security Standard (PCI DSS). Katie also discussed the Accessibility review to ensure software meets the standards for web content accessibility guidelines 2.0 level A. Katie shared software acquisition statistics dating back to 2021 as well as statistics for Fiscal Year 2024, including the average duration of the IT Review and Accessibility Review stages and the overall age of the tickets before they are approved. These statistics also included a count of software purchased by departments and a count of software with more than two requests such as HootSuite, Camtasia, and GraphPad Prism, which could lead cost savings if purchased as an enterprise license (or if an enterprise license is already in place). There was a brief discussion concerning what monetary threshold determines consideration of an enterprise license for software. There was also a brief discussion concerning making a list of pre-approved software available to faculty and staff, as well as having additional targeted communication about the software acquisition process with the campus community.
7. ITS ITGC Project List/Tiger Card Mobile Credential Project
Katie gave an update on the Tiger Card Mobile Credential project. She shared the project
timeline which includes a Spring 2025 implementation of the mobile credential for
the first-year cohort and adoption for the entire campus by Fall 2025. She also stated
that replacing physical access control systems (PACS) is a priority since many of
the components will reach end of life by December 2024. She shared that there are
over 5,000 card readers on campus with over 500 of them at end of life. Craig added
that the University is trying to identify possible vendors and investigating the possibility
of a single PACS system.
Katie also gave a brief update on the Mainframe Data Transition, Reports, and Decommission
project as well as the Student Information System (SIS) project. She shared that Cohort
1 which includes LSU A&M and LSU Eunice has their MTP1 (Move to Production 1) end-to-end
testing and that Cohort 2 is currently working on their Work Set A design. She added
that MTP1 is scheduled for August 2024.
Katie briefly discussed the Identity Access Management (IAM) project. She stated that
the project is in phase 1 and is currently 40% complete.