INFORMATION TECHNOLOGY SERVICES

Measures and Metrics

December 2016 • Issue #1

Information Technology Services Measures and Metrics • 3

IntroductionWe are pleased to share with the Queen’s community this First Edition of the Information Technology Services (ITS) Measures and Metrics. Our ITS Newsletter was introduced last year in an effort to keep stakeholders informed of changes and new developments. This report is more about demonstrating accountability and developing understanding.

Accountability: This means showing measureable quality in our services and infrastructure, return on investment (regular operations and new initiatives), and progress with our Strategic Plan. It also means acknowledging our missteps, and sharing what we learned from them.

Understanding: In my five years since becoming Queen’s CIO and AVP, I have often heard “we don’t know what ITS does” or “ITS really needs to tell your story”. So, this and subsequent editions of ITS Measures and Metrics will also be used to tell our story, which I sincerely believe is a very good one. I am quite amazed at what the ITS team has accomplished since I arrived at Queen’s.

For those of you who wish to more closely monitor the quality and challenges of our services, we have a Services Statistics and Metrics section on the ITS website. It provides both real-time and monthly reporting of some of our more core service areas. We plan to grow this section to cover more areas to ensure our stakeholders can see the progress that is being made, and how it affects you … everyday.

Bo Wandschneider,CIO & AVP-ITS

Information Technology Serviceswww.queensu.ca/its

Contents04 Introduction

04 IT Support Services

06 Core Services Availability

08 IT and Information Security

10 Enterprise Services

11 PeopleSoft Support

12 Wireless Connectivity

IT Support Centre (ITSC)

Agencies representing copyright holders and associations worldwide monitor the Internet to detect illegal or unauthorized distribution of music and other copyrighted content. When they detect that a computer on the Queen’s network appears to be functioning in this way, they file a complaint with the university. ITS is obligated to investigate each complaint, and notify the associated individual(s).

Issues fielded by the IT Support Centre

Monthly volume of issues tracked by the ITSC

COPYRIGHT COMPLAINTS

COMPROMISED ACCOUNTS

NETID-RELATED ISSUES

OTHER ISSUES

The IT Support Centre is the first point of contact with ITS for faculty, staff and students. The ITSC provides assistance, information and referrals for all Queen’s IT-related issues.

Online PhoneWalk-in

+ + =

COPYRIGHT COMPLAINTSInvestigating complaints received by the university regarding alleged copyright violations such as sharing copyrighted music and videos.

NETID-RELATED ISSUESAssisting individuals with their Queen’s NetID, such as resetting passwords and enabling access to services.

COMPROMISED ACCOUNTSInvestigating detected or reported cases of accounts which appear to have been compromised. In many cases, these are phishing victims.

OTHER ISSUESAssisting individuals with a wide variety of issues with personal computers, devices, software and services such as email.

4 • Measures and Metrics Information Technology Services Information Technology Services Measures and Metrics • 5

IT Support ServicesIT Support Services

18,881

In April 2016 alone, the IT Support Centre investigated 634 copyright complaints, representing about 20% of that month’s issues.

634 Copyright Complaints

Total number of issues reported to and tracked by the ITSC from January to June, 2016.{ { JANUARY

49% 39%

12%

FEBRUARY

19%

60%

1%

20%

MARCH

53% 36%

1%11%

APRIL MAY JUNE

42% 50% 25%

5%

36%

3%

19% 20%

29%52%

2%16%

Core Service AvailabilityITS provides an array of services to the university. Core services are those regarded as essential to the day-to-day activities of the university. We began monitoring and logging availability of five core service applications in 2015, and will be expanding this to include others.

queensu.ca

January 31February 28March 30April 30May 30June 29

Number of days per month availability met or exceeded target

Amount of Time Per Day services were unavailable – Averaged over January through June 2016

Average daily core service availability during the first half of 2016

Moodle*

January 30February 28March 31April 27May 30June 28

Email

January 31February 29March 30April 30May 31June 30

MyQueen’sU

January 31February 28March 31April 29May 29June 29

QShare

January 31February 29March 29April 28May 30June 29

23.980 Hours

From January to June 2016, we exceeded our target with an average daily availability of 23.98 hours (99.9%).

ITS aims to have 100% availability for all core services we are responsible for maintaining; however, we do need small amounts of time to maintain the associated hardware and software, but occasional unanticipated problems inevitably occur. Our goal is that each of these core services be available at least 99.8% of the time, which translates to an average of 23.95 hours per day over each month.

Core Services Core Services

Information Technology Services Measures and Metrics • 76 • Measures and Metrics Information Technology Services

* Note: OnQ will replace Moodle in the next issue of this report.

Moodle is Queen’s Learning Management System prior to the decision to adopt OnQ (Brightspace) campus-wide.

MyQueen’sU serves as the main access point for students, faculty and staff to ac-cess many applications such as PeopleSoft.

Office 365 is a web-based suite of appli-cations delivered through the cloud, which includes Email and Calendar.

QShare is a web-based file storage, distri-bution and sharing solution for the Queen’s community.

Queen’s website queensu.ca 23.997

23.985

23.999

23.988

23.926

43 seconds

4 minutes/ 26 seconds

4 seconds

54 seconds

11 seconds

Measured in hours

IT and Information Security

Data Breaches

As universities and other organizations have improved the security and resiliency of their IT infrastructure, attackers are increasingly targeting people and their devices as a way to gain access to information, or to hijack systems.

About 59% of data breaches in 2015 are attributed to either user devices (laptops, tablets, etc. being infected with malware) or persons (essentially, people falling victim to phishing attempts).

Many people probably think of spam as nuisance email that fills our inboxes, forcing the recipient to waste time deleting all of these unwanted messages. In reality, much of the spam arriving at Queen’s carries “payloads,” such as malware and phishing attempts.

Spam Prevention

IT Security

Information Technology Services Measures and Metrics • 9

IT Security

8 • Measures and Metrics Information Technology Services

In a typical day, about 80% of email arriving at Queen’s is determined to be spam and blocked by ITS or Microsoft. Some spam does slip through however, and increasingly can be dangerous to open.

Number of email messages blocked as spam in a typical day.

1,240,793

Compromised Accounts from January to June, 2016

A Queen’s NetID can become compromised in a number of ways. Essentially, someone else learns what your NetID and password (your “credentials”) are, and starts using your NetID for a variety of nefarious purposes, including stealing your information or hacking into other computers. In the majority of cases, NetIDs become compromised because someone acted upon a phishing email or web link, and provided their login credentials.

Compromised NetIDs

In May 2016, Queen’s saw a sharp increase in compromised accounts, with 178 occurrences. This corresponds to a comparable spike in phishing attempts that month. Hackers are becoming more sophisticated and creative in their attempts.

13 1525

109

178

91

January FebruaryMarch

April

May

June

The university operation relies on many different computers and software applications, only some of which are managed by ITS. In accordance with the Queen’s University Electronic Information Security Policy and Authorization to Operate process, all systems and applications should undergo a security risk assessment before being put into service. This process will determine if there are common exploits or vulnerabilities present, which could put information at risk.

Security Risk Assessments

Security and Privacy Risk AssessmentsSuch assessments are conducted for services or systems provided externally to the university, but will be used by members of the Queen’s community.

Security Vulnerability AssessmentsGenerally, vulnerability assessments are conducted for new services or systems introduced within the Queen’s network environment. There were 53 of these done in 2015.

21# of Security and Privacy

Risk Assessments conducted between

January and June 2016.

8# of Security Vulnerability

Assessments conducted by a single ITS Security Analyst

between January and June 2016.

# of Queen’s employees who took the online IT Security Courses during January-June 2016.

# of Queen’s employees who took the online IT Security Courses since introduced in August 2014.

67799 Estimated percentage of Queen’s

employees who have never taken the online IT Security Course (based on an estimated employee headcount of 6,700 full-time and part-time).

Source: Verizon’s 2016 Data Breach Investigations Report

88%100%

Adoption of Enterprise Services Window File Service

Efficiency and Effectiveness Data stored in a central place enables greater access and better collaboration.

Security A central data repository in a secure data centre is a much safer place to store data.

Reliability Regular backups store important data in Windows File Service.

One measure of the effectiveness of an IT service is the degree that this service is adopted and used by campus stakeholders. Sometimes, factors such as service fees can inhibit such adoption. In concert with other changes in the ITS budget structure, it became possible to eliminate per-person or per-device fees associated with Windows File Service.

Windows File Service provides secure file storage in the Queen’s datacentre where departments can store and share their data.

PeopleSoft Support Workload Distribution

280

260

240

220

200

180

160

140

120

100

80

60

40

20

0

Queen’s integrated PeopleSoft application environment is complex and has an assortment of local customizations. Maintaining this environment, including applying regular software upgrades, is a challenging responsibility, but new needs or changes to university business processes have to be addressed too. Working with the Registrar, Financial Services and Human Resources, priorities are established to ensure that both “fixing” and “improving” can occur.

Support - System Analysts investigate reported issues or problems which may arise during production operations.

Data Fix - A database update to resolve production issues, typically due to error(s) that occurred during data entry.

New Development - New capability or functionality, such as a new report, interface or component, or a local customization.

Development Change - A change to application functionality to meet or improve new business requirements, (aka RICE Change).

Bug Fix - Correcting errors in local programming or apply a fix provided by the vendor.

Total 144 Total 144

Total 129 Total 126

Total 161 Total 160

Enterprise Services

Adoption of an enterprise service for sharing data and resources provides multiple benefits. The value yielded by this change includes:

From January to June 2016, more than one third of the team’s activities have been allocated to improving PeopleSoft features and functionality for the business owners and the end users.

PeopleSoft

Information Technology Services Measures and Metrics • 1110 • Measures and Metrics Information Technology Services

January February March April May June

40%Average proportion of System

Analyst activities which improve PeopleSoft features

& functionality

In a six month span 12 departments signed up to use Windows File Service.

# of departments

=

Information Technology Serviceswww.queensu.ca/its

Wireless NetworkingAnnual investment in the university’s secure wireless network ensures that ITS can continue to expand this service in order to keep pace with continually escalating demand. Between March 2015 and March 2016, peak Wi-Fi demand (measured as the number of devices requesting a connection) increased by 60%. A key ITS goal is ongoing expansion and refresh of the Queen’s Wi-Fi network so that it is able to handle peak load conditions, especially in high-traffic areas.

Secure wireless network service improvements

Student ratings on the reliability of Queen’s Wi-Fi service

Infrastructure

60%Increased # of

concurrent devices supported

Approximate increase in the maximum number of concurrent devices that the Queen’s Secure Wireless Network was able to support in April 2016 vs. April 2015.

Source: 2016 Educause ECAR Survey on Students and Technology. Based on ratings from 135 randomly selected Queen’s undergraduate students (5% response rate).

12 • Measures and Metrics Information Technology Services

of undergrads rated Wi-Fi reliability in classrooms as either good or excellent.

73.8%of undergrads rated Wi-Fi

reliability in libraries as either good or excellent.

81.3%