ist townhall june 2015 - umanitoba.ca
TRANSCRIPT
Agenda
• Recruitment
• UM Leaders Program
• Voluntary Days Off Program
• IT Security (OAG)
• Org Structure – next iteration
• Questions
Recruitment
• Janice Derco – Director, Planning & Governance (interim)
  – Joined IST on Monday, June 8
  – Reporting to Mario Lebar
• Larry Kuzmack – Manager, Production Control and Integration (interim)
  – Joined IST on Tuesday, May 19
  – Reporting to Doug Stoyko
• Director of Information Security & Compliance
  – List interviews scheduled to complete by end of June
  – Target is August 31st for new Director to be on-site
UM Leaders Program
To our IST Leaders who successfully completed the UM Leaders Program in May 2015!!
New – Voluntary Days Off Program
Offers staff the opportunity to take up to 10 additional days off (unpaid) without losing service, pension or vacation entitlement accruals
Speak to your leader for more information
Background
• An IT Security project started in September 2013 to deal with the OAG recommendations
• Unfortunately, sufficient progress had not been made by June 2014, and it became the highest-priority work across IST for the remainder of 2014-15
• Project structure implemented.
OAG Recommendations (21)
• Unix Servers – Trust Relationships
• Activity Monitoring *
• Developers’ access to production
• Unique Oracle DBA accounts
• Access rights in Unix/Linux
• Finance - User access to financial systems *
• Finance - Review of user access to financial systems *
• Disable terminated users on a timely basis *
• Strengthen server configuration *
• Windows operating system security controls * *
• Oracle database password settings
• Password strength in Unix environment *
• Formal Disaster Recovery Plan (DRP) *
• Formal change management process *
• Formal IT Risk assessment process *
• Annual re-verification of compliance to end user policy *
• Review payroll authorization reports
• Business Continuity Plan *
• Finance - Faculty of Medicine review of operating statements *
• Access rights in payroll system
• Information Security Policy ^
Legend: * In progress, ^ New
[Chart legend: Open, Resolved]
Phase 1 – ready for Oct 2015 audit
• 2 are complete and require time for compiling evidence for OAG (2007/08 and 2012/13)
• 3 IT Security initiatives underway (2007/08, 2009/10, 2013/14)
Phase 2 – ready for Mar 2016 audit
• Business Continuity / Disaster Recovery Plan (2008/09, 2007/08)
• 1 from Registrar (2007/08)
• 2 IT Security initiatives underway (2007/08 *2)
Phase 3 – ready for Oct 2016 audit
• 4 recommendations will be resolved with the IAM solution (2011/12 * 2, 2012/13 * 2)
• 1 recommendation for an IT Security Policy (2014/15)
NOTE – no assumptions made regarding new OAG recommendations
Since the December townhall
Revised the structure based on feedback from HR (January)
Submitted the org structure and the management job descriptions to AESES for feedback (March)
Revised the org structure based on feedback from AESES (June)
Security and Compliance
[Org charts: December 2014 and June 2015]
Note: The Enterprise Security Architect has dual reporting: to the Director, IS&C for security work priorities, and to the Chief Architect primarily for input to the strategic plan, building the architecture practice and competency development.
IST EMAPS Jobs
Total IST EMAPS Jobs
• Current structure – 19
• “Strawman” (as presented at Dec. townhall) – 34
• AESES Presentation (as of March 2015) – 25
• June 2015 proposed alternative – 22
AESES Job Counts
• Current – AESES has 174 “positions”
• June 2015 proposed alternative – AESES would have 170 “positions”
Immediate next steps
Post presentation and FAQs to IT Transformation web site
Follow-up team meetings with your Directors to answer questions
Business as usual!
Your feedback continues to be important to us!
• Share your feedback and questions directly with your manager.
• Email your questions and feedback to
• Talk to someone on the IT Transformation Program
• Post your questions/comments anonymously on the printed org charts