| Strategic Points ▼ | Division Ranking | Name | Campus Div. | Project Status | Projected End Date | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Schedule | Budget | Technical | Milestone | ||||||||||||||||||||||||||||||||||||
| 124 | 10 |
Enrollment Analytics project, including funnel report
|
Academic Affairs | On time | On budget | No barriers | On time | ||||||||||||||||||||||||||||||||
Status UpdatesHigh level status: Last year this project was split into two; one for Student Enrollment Analytics and one for Office of Institutional Research. In most cases the reports, audience and team members were the same. Detail: High level milestones were detailed for the project. This is most certainly a high level as there are 1,200 reports that need to be developed but are summarized in two lines of ETL and Modeling along with 2 lines for report development. DescriptionDevelop automated or semi-automated data warehouse and business analysis process to replicate enrollment planning processes previously manually done by Larry Glasmire. In cooperation with Academic Affairs, deans, and department chairs, develop initial tools and reports for direct use by same. Develop new queries in SacVault to facilitate OIR reports. This includes transferring historical data into SacVault and mapping APDB and ERS data in the Data Warehouse. Milestones/Deliverables
Team
|
|||||||||||||||||||||||||||||||||||||||
| 113 | 0 |
Federated Support Plan
|
Collaborative Project | On time | On budget | No barriers | On time | ||||||||||||||||||||||||||||||||
Status UpdatesThe Power Point presentation is ready. We are on hold until further notice. DescriptionIntroduce a federated IT support plan for Academic Affairs that minimizes their cost and maximizes their support. Milestones/Deliverables
Team
|
|||||||||||||||||||||||||||||||||||||||
| 112 | 4 |
Mitigate Technical Vulnerabilities
|
Information Resources and Technology | Could be late | Internal labor only | No barriers | Behind schedule | 11-20-2009 | |||||||||||||||||||||||||||||||
Status UpdatesWe have completed gathering the assets Lists for all 23-program centers and we have completed collecting the audit finding reports for the 11 program centers that were issued them. We have received 17 of the 23 program centers that have been giving critical vulnerability reports and are showing a downward trend of remediation. The ISO feels that if this trend continues we will be able to close this project on 11/20. We are continuing to work with individual groups regarding outstanding critical vulnerabilities. Status of Responsive Groups to the Critical Vulnerability Reports Returned = 8 Pending = 5 Not Completed = 8 Completed vulnerability trending report and set baseline for comparison at 7 days. Ran initial reports for 11/5/2009 and will follow-up with weekly reports henceforth. We are working with the final 2 groups to complete the Asset Listing (out of 23), the final 4 groups to complete the audit findings (out of 11) and the remaining 11 groups to finalize the critical vulnerabilities (out of 21.) A copy of the assets assigned to each program center was sent to the dean and lead ITC for verifications. The following statistics are for the asset list returned to the Information Security Office as of 10/23: Returned = 12 Pending = 1 Not Completed = 10 A copy of the asset findings report was sent to each program center dean and lead ITC for acceptance and mitigation of the findings. The following are the numbers for the asset findings reports returned to the Information Security Office as of 10/23: Returned = 5 Pending = 1 Not Completed = 5 A copy of the critical vulnerabilities findings report was sent to each program center dean and lead ITC for acceptance and mitigation of the findings. The following are the numbers for the asset findings reports returned to the Information Security Office as of 10/23: Returned = 2 Pending = 4 Not Completed = 17 Vulnerability reports have been sent to all program center administrators and designated server administrators along with instructions for accessing the campus vulnerability scanner. A copy of the assets assigned to each program center was sent to the dean and lead ITC for verifications. The following statistics are for the asset list returned to the Information Security Office as of 10/23: Returned = 11 Pending = 2 Not Completed = 10 A copy of the asset findings report was sent to each program center dean and lead ITC for acceptance and mitigation of the findings. The following are the numbers for the asset findings reports returned to the Information Security Office as of 10/23: Returned = 4 Pending = 1 Not Completed = 6 Completed Non-Compliant Systems Report Overview describing the different sections of the vulnerability report being sent to VPs, Deans and technical Staff Database and report generating engine completed. This system associates technical vulnerabilities, best practice vulnerabilities, vulnerability trending and border firewall exceptions to assets, asset owners and system administrators in reports that will be provided to updated asset owners. A copy of the known assets assigned to each program center was sent to the dean and lead ITC for verifications to ensure that IRT records were up to date. The following are the asset list returned to the Information Security Office as of 10/16: Returned = 4 Pending = 3 Not Completed = 16 All assets owners have been identified and mailed copies of Information Security Audit letters, audit reports for computer assets with associated findings and known asset listings with high level security information. DescriptionIdentify all systems and their physical location. Provide vulnerability reports to Program Centers. Collect Program Center responses for audit report. Given the heavy impact on program centers of our required response to the audit, we want to avoid overburdening you and your staff by requiring a response to all five issues at the same time. We are therefore rolling out our response by asking you to address each issue in turn, on about a monthly basis. Our first task is therefore to mitigate critical technical vulnerabilities on our computer systems. This first project has three specific milestones, each of which may require action by you and your staff members. Milestones/Deliverables
Team
|
|||||||||||||||||||||||||||||||||||||||
| 112 | 4 |
Comply with computer patch management and change management requirements
|
Information Resources and Technology | Not started | Not started | Not started | On hold | 12-11-2009 | |||||||||||||||||||||||||||||||
Status UpdatesThe Information Security Office has publish training materials on patch and change management to the ISO website. This website includes the guidelines and standards established by the CSUs and Sacramento State Infromation Security Office. DescriptionCombine people, technology and operational best practices to create a unified and proactive patch and change management strategy for campus information systems. This will ensure that the campus can maintain business continuity, ensure availability of system to end users and prevent unplanned downtime. Scope: The Sacramento State Information Security policy requires the campus to be in compliance with patch management and change management requirements. To address this requirement the ISO will 1. Roll out and publish training materials on patch and change management guidelines and standards. 2. Provide tools and resources to campus IT support personnel to identify devices and assets that are in scope for patch management and change management. 3. Establish a monitoring and/or audit mechanism to ensure that patches are applied to vulnerable systems 4. Publish guidelines for campus IT personnel on working with vendors and other resources for available patches Milestones/Deliverables
| |||||||||||||||||||||||||||||||||||||||