Transcript IST_Townhall_June_23_v1.6x

IST Townhall
June 2015
1
Agenda
•
•
•
•
•
•
Recruitment
UM Leaders Program
Voluntary Days Off Program
IT Security (OAG)
Org Structure – next iteration
Questions
2
Recruitment
• Janice Derco – Director, Planning & Governance (interim)
– Joined IST on Monday, June 8
– Reporting to Mario Lebar
• Larry Kuzmack – Manager, Production Control and Integration
(interim)
– Joined IST on Tuesday, May 19
– Reporting to Doug Stoyko
• Director of Information Security & Compliance
– List interviews scheduled to complete by end of June
– Target is August 31st for new Director to be on-site
3
UM Leaders Program
To our IST Leaders who successfully
completed the UM Leaders Program in
May 2015!!
4
New – Voluntary Days Off Program
Offers staff the opportunity to take up to 10
additional days off (unpaid) without losing
service, pension or vacation entitlement
accruals
Speak to your leader for more information
5
IT Security
6
Background
• An IT Security project started in September 2013 to
deal with the OAG recommendations
• Unfortunately, not sufficient progress made by June
2014 and became highest priority work across IST for
remainder 2014-15
• Project structure implemented.
7
OAG Recommendations (21)
Unix Servers – Trust Relationships 
Activity Monitoring *
Developers’ access to production 
Unique Oracle DBA accounts 
Access rights in Unix/Linux 
Finance - User access to financial
systems *
Finance - Review of user access to
financial systems *
Disable terminated users on a timely
basis *
Strengthen server configuration *
Windows operating system security
controls *
*
* In progress
^ New
8
Oracle database password settings
Password strength in Unix environment *
Formal Disaster Recovery Plan (DRP) *
Formal change management process *
Formal IT Risk assessment process*
Annual re-verification of compliance to
end user policy *
Review payroll authorization reports 
Business Continuity Plan *
Finance - Faculty of Medicine review of
operating statements *
Access rights in payroll system 
Information Security Policy ^
25
20
Phase 1 – ready for Oct 2015 audit
 2 are complete and require time
for compiling evidence for OAG
(2007/08 and 2012/13)
 3 IT Security initiatives underway
(2007/08, 2009/10, 2013/14)
Phase 2 – ready for Mar 2016 audit
 Business Continuity / Disaster
Recovery Plan (2008/09, 2007/08)
 1 from Registrar (2007/08)
 2 IT Security initiatives underway
(2007/08 *2)
Phase 3 – ready for Oct 2016 audit
 4 recommendations will be
resolved with the IAM solution
(2011/12 * 2, 2012/13 * 2)
 1 recommendation for an IT
Security Policy (2014/15)
NOTE – no assumptions made
regarding new OAG
recommendations
15
10
5
0
Open
Resolved
10
Since the December townhall
 Revised the structure based on feedback
from HR (January)
 Submitted the org structure and the
management jobs descriptions to AESES
for feedback (March)
 Revised the org structure based on
feedback from AESES (June)
11
Org structure as of March 2015…
12
June 2015 Proposed Alternative
13
Top level
December 2014
June 2015
Security and Compliance
December 2014
·
·
·
·
·
·
·
·
·
June 2015
Incident Response
Education & Outreach
University & Program Leadership
Policy & Process Compliance
IT Audit Response
Identity Management
IT Service Continuity Management
Information Security Management
Records & Document
Management
Note:
The Enterprise Security Architect has dual reporting. To the
Director, IS&C for security work priorities and to the Chief
Architect for primarily input to strategic plan, building the
architecture practice and competency development
Planning and Governance
December 2014
·
·
·
·
IT Strategic Planning
Enterprise Architecture
Solution Architecture
IE: Network, Infrastructure,
Application, Data,
Multimedia
·
·
·
·
·
·
Vendor management
Contract administration
IT procurement
IT Financial Management
Human Resource
Management
Resource Management
June 2015
Client Solutions and Services
December 2014
·
·
Service level management
Service Catalogue
management
·
·
·
·
·
·
·
·
·
·
·
·
Business relationship
management
IT Advocates
Deliverable acceptance
management
Procurement consulting
Incident management
Service request fulfillment
Problem management
Help desk
Knowledge management
Desk/Mobile phone
ordering
Access management
“Easy” sys admin
Head
Client Support
·
·
·
·
·
·
Open area labs
Teaching labs
Desk side
Classroom technologies
Mobile devices
Telephony
June 2015
Build Services
Chief Technology Officer
December 2014
Head
Service Asset &
Configuration Management
Head
Core Application Build
·
·
·
·
·
·
Application development
management
Quality assurance build
Integration build(SOA, ESB,
ETL)
SDLC and Tools
Release management
Report Development
·
·
·
·
Server build
Storage allocation
Network /Cabling/Tech/
Communications
Classroom technologies
installation
·
·
Service asset and
configuration management
Change management
June 2015
Run Services
Chief Technology Officer
December 2014
Head
Core Applications Run
·
·
Head
Core Infrastructure Run
·
·
·
·
·
Application maintenance
management
Quality assurance run
Head
Developers
Shared with
Build Team
Head
Integration
Head
Analysts
Event management
IT operations management
Availability management
Capacity management
Performance management
Research & Education
Rapid Response Team
% Network & Communications
% Storage
% DBMS
% Server & OS
%Analysts
% Developers
%Integration
Head
Network,
Communications, Cable /
Tech Services
Head
Database & Storage
Head
Systems & Services
Head
Multimedia Production
Infrastructure Resource Pool
Research &
Education
Clients
Applications Resource Pool
19
Run Services
June 2015
20
IST EMAPS Jobs
Total IST EMAPS Jobs
Current structure
19
“Strawman” (as presented at Dec. townhall)
34
AESES Presentation (as of March 2015)
25
June 2015 proposed alternative
22
21
AESES Job Counts
• Current
– AESES has 174 “positions”
• June 2015 proposed alternative
– AESES would have 170 “positions”
22
What are your
initial
Questions?
Observations??
23
Immediate next steps
 Post presentation and FAQs to IT
Transformation web site
 Follow-up team meetings with your
Directors to answer questions
 Business as usual!
24
Your feedback continues to be important to use!
• Share your feedback and questions directly
with your manager.
• Email your questions and feedback to
[email protected]
• Talk to someone on the IT Transformation
Program
• Post your questions/comments anonymously
on the printed org charts
25