Transcription

JULY UNIT REPORTSAPPLICATIONS ‐ RAY AVILASYSTEMS ‐ PHIL MARQUEZSECURITY ‐ MIKE MEYERTECHNOLOGY SUPPORT ‐ RICK ADCOCKUH IT NETWORK/NETSEC ‐ CHARLIE WEAVERHSC 2021 VISION

APPLICATIONSRAY AVILAAccomplishments Created new course materials and tutorials for Moodle and Learning CentralProvided curriculum support for Moodle and Learning CentralFacilitated Zoom support sessions for MultiFactor Authentication (MFA)Successfully tested PolicyManager attestation and newly created LDAP rulesContinued SailPoint administrator trainingIn‐ProgressProjects in flightStatusSharePoint Online/M365 transition – ActiveFaculty Directory implementation3/1/20228/20/2021Metrics SharePoint2010 End‐of‐Life (EOL) activity tracking:Total sites: 73Site Owner awaiting engagement ‐ 49Site Owner engaged/awaiting feedback ‐ 8Migration to SharePoint On‐line (SPO) in process ‐ 7Migration to alternative platform in process ‐ 1Requiring vendor assistance ‐ 0Marked for deletion/abandonment ‐ 11 M365 usage information:Teams Activity:Teams usage:.

SharePoint Online Storage Use:SharePoint Online Total and Active Sites:SharePoint Online users by activity:OneDrive Storage use:OneDrive File Count:

SYSTEMSPHIL MARQUEZAccomplishments Exchange Mail Migration to M365 completeo The migration of separated employee mailbox data was completed closing outthe email migration project.o The old on‐premise Exchange environment has been turned over to UH Systemsteam to decommission the hardware. Azure/M365o Configured MFA to be functional across the organization as groups continue tobe addedo Configured new PhishAlarm button to appear in Desktop and web‐based Outlookclients Metallic cloud backup implementation fully configured and almost complete forprotected servers.o Initial phase was to migrate Commvault backups to Metallico Next phase is to identify areas not yet being backed upo Future phase is to look at M365 backup protectionIn‐Progress Continued supporting security efforts across HSC CIO supported servers and storage Continued implementation of Metallic Cloud backup across HSC managed servers andstorageo Dell NAS initial full backup still in progress. Initial full backups take a lot of time. Investigating refresh of on‐site storage hardwareMetrics No System DowntimeRecognition Marcia Sletten for her efforts to support office space improvements and telecommutingwork plans. Antoinette Martinez for her purchasing and finance support in budget preparation,reminders of upcoming recurring renewals, processing large purchases and trackingongoing budget status.

INFORMATION SECURITYMIKE MEYERAccomplishmentsACTIONCompleted lessons learned fromincident, including top 20 securityenhancements. Briefings began.Carbon Black endpoint detection andresponse extended for three yearswith managed services.Continued to maintain very lowvulnerabilities on public‐facingdevices and websites, especially forcriticals and highs. The two highs inlast month’s report are resolved.Deployment of multi‐factorauthentication on Microsoft 365 isunderway and about 50% complete.IMPACTPrioritized roadmap for enhancing security to reducerisk from our biggest threat – ransomware.We now have one of the key controls that securityexperts and insurers recommend. Managed servicesmeans that we have a company monitoring activityand alerting us 24x7 when immediate action isrequired.Criticals ‐ Continues at 0Highs ‐ Continues at 0Medium ‐ 119 (Decreased from 130)99.9% prevention of user credential theft, thus asignificant reduction in ransomware risk.In‐ProgressPROJECT/ACTIVITY PLANNEDCOMPLETION DATERansomwareSEP 2021Playbook forincident responseTurn “Top 20OCT 2021SecurityEnhancements”into roadmapImplementJUL 2021Microsoft Multi‐FactorAuthentication forM365, CAG andVPNVulnerabilitymanagement –Develop matureRed 2021 – Brief ITAC,ECC, and EIGC so thatSTATUS (Red,Yellow, Green)GreenNOTESGoal is to improve ourresponse to any futureransomware attempts.GreenRedYellow365 MFA rolloutapproximately 50% complete,with completion expectedNLT 30 Aug.CAG MFA continues toencounter technicalproblems.ISO briefed ITAC.

process to identifyand trackperimetervulnerabilities andtheir mitigations(MichaelSchalip/Zander)Cyber SecurityStrategic Plan(Mike)policy and plan can beapproved by core.FEB 2021 (2021 Goals)Complete*AUG 2021 (2022 Goals) (re‐baselinedfrom APR then againJUL)YellowBrief 2021 strategicobjectives. Develop long‐term plan to improve cyberposture.Note: ISO deferred work onthis milestone due to incidentresponse.METRICS (Last 30 Days)PerimeterVulnerabilitiesMalware Preventedby EDRMETRICMalicious inbound email messagesblockedNUMBER19,710Malware stopped by Carbon Blackendpoint detection and response(EDR)701Data Loss Prevention (DLP) –Outbound emails blocked for PHI 287Malicious MessagesBlockedNOTESProofpointis our emailfilteringapplication

METRICNUMBER OF REQUESTS FORSECURITY REVIEW REQUESTS THISMONTH (ZANDER)NUMBER 19 Data User Agreements/securedata transfer requests 24 Software/Cloud App Purchasesand Renewals 5 Vulnerability Scans 38 OtherCHANGE REQUESTS 10 Change RequestSSL CERTIFICATES ISSUED ORRENEWED 1 SSL certificates issuedPERIMETER VULNERABITIES Criticals – 0 (Same as previousmonth)Highs – 0 (Same as previousmonth)Medium – 119 (Decreased from 130) NOTESRecognitionMr. Michael Schalip must be recognized for his relentless efforts in managing and leading thedeployment of Carbon Black EDR and managed services, which went live on 4 Aug 2021. Hisefforts not only to manage the transition but to communicate widely among stakeholdersdirectly contributed to the resounding success of this effort and the new protection againstransomware that it provides. Mr. Schalip has found a home in the ISO and we are glad to havehim.

TECHNOLOGY SUPPORTRICK ADCOCKAccomplishments Finished interviews for IT Support Tech 2 positionPatched SailPoint to version 8.1p3, and setup Azure Active Directory synchronizationSetup MFA groups and entitlementsBuilt and pushed Carbon Black to OSX ManagementBuilt Munki reporting dashboardData analysis for Carbon Black bypass devicesProvided Training for New IT Service Desk staffData Analysis for McAfee version issuesIn‐Progress Multifactor Authentication DeploymentNMTR Move to the Health domainContinued support of the GEER grantRe‐organization of HSLIC room 317 offices to accommodate additional personnelDefining processes for new endpoint security monitoringObtaining job skill codes in the Banner feed to correctly assign Microsoft licensesDeploying workstation hardening group policyMetrics

RecognitionVernon Bell has a very strong work ethic. He is always here and on time and stays as long asneeded. He is extremely productive, he moves from one task to the next and keeps going. He issomeone that the faculty and staff can count on as well as his peers. Vernon has been on‐siteproviding IT phone support for HSC faculty, staff, and students during the entire pandemic.Vernon is also an 18 year employee who has served in IT positions in OB/GYN, Pediatrics,Cancer Center, and the CIO office.

UH IT NETWORK/NETSECCHARLIE WEAVERAccomplishments Most of the past month has been devoted to incident management & responseNetwork change freeze in place due to recent outageso Data Center network 7/13o HSSB Core switch 7/23o Root cause ascertained for bothMultiple JNIS sub team activities (Incident Management, Vulnerability Management,etc.) in flightUNM/Century Link fiber reroute project beginningIn‐Progress Network Managed Service option being exploredCAG MFA integration continuing to experience integration difficulties; 365 roll‐outcommencingOutside facility access switch replacements on holdUH distribution layer switch replacements on holdHSC distribution layer switch replacements on holdFY22 equipment purchases beginning due to six month supply chain related lead‐timesANM Advanced Services engagement for data center network & overall network ‘getwell’ plan in processMetrics Total Access Layer Switches (UNMH, HSC, Remote):Total Access Layer Switches replaced to date:Access Layer Switch replacement % completion:Total Distribution Layer Switches (UNMH, HSC):Total Access Layer Switches replaced to date:Distribution Layer Switch replacement % completion:Recognition HSO ISO & Cyber Security team for outstanding teamwork 70051 7%418 19%

1) Security first, then everything follows.2) Cloudification with an emphasize on storage, backup and recovery.3) Service Delivery from our customers’ perspective.4) Collaboration with Microsoft 365 adoption.5) Network Modernization 1st year of a 5-year transformation journey.

18-Month Strategic RoadmapMarquezMeyerMicrosoft 365AdcockWeaverCyber SecurityIT ServiceManagementNetwork /Policies1. Transfer domains1. 6 KPIs1. Requirements1. 4 KPIs Dashboard1. Charter for EIGC1. Storage upgrade2. Data migration2. Azure MFA2. Network architect2. Aging tickets Rpt.2. Policy Manager2. Backup/Recovery3. Test3. RCA process3. Phase 1 of 3 in prog 3. Service Recovery4. Training & Support4. Vulnerability Assess 4. KPIs5. Archived Termed EE 5. Phishing program6. CMMC framework4. Remote sup. tool5. Staff development5. NPS survey6. Upgrade Internet6. Single service portal2020JULAUGSEPTOCT3. IT Website upgrade2021NOVDECJANFEBMARAPRMAYMicrosoft 365JUNJULAUGSEPTOCTNOVDEC100%Cyber Security80%Network Redesign: 5-year project75%IT Services ManagementGovernanceBusiness Resiliency90%100%80%

SharePoint Online/M365 transition – Active 3/1/2022 . o The migration of separated employee mailbox data was completed closing out the email migration project. . o Dell NAS initial full backup still