IT Briefing June 20, 2013 Goizueta Business School Room GBS-234


20-JUN-13

IT Briefing Agenda

• ServiceNow Update & Demo (Luc Dalla Venezia)
• Service Desk Update (Sharon Gregory, Anne Marie Alexander, Kathy Hayes)
• ColdFusion 9 Update (Kevin Chen)
• Office 365 Update (Scott Swann)
• Core Router Update (Mike Politinsky)
• Security Update (Brett Anderson)


ServiceNow Update

Luciano Dalla Venezia
IT Service Mgmt Specialist II, ITSMO, Integration


Which is better?


OR


Highlights & Next Steps

• Users without Roles will go directly to new Self-Service page

• There is a link for ITIL users
  – Under Self-Service Application: ESS-Homepage

Timeline:
• Current Sprint Activities – next 2 weeks
  – Complete final development
  – Develop communication and marketing


ServiceNow Update

Questions?


Service Desk Update

Sharon Gregory
Manager, Service Desk, Enterprise Services

Anne Marie Alexander
Manager, ID Management Team, Integration

Kathy Hayes
Bus Analyst II, Faculty Services, Academic Technology Services


Password Resets

Self-service


Password Resets

Total Tickets Created by Service Desk, September 2012 – May 31, 2013: 24,953

• Desktop – 6,419 (25.72%)
• Voice Service – 4,075 (16.33%)
• Password Resets – 4,101 (16.43%)


Teamwork – Tier 2 to Tier 1


Blackboard

UTS Client Services

Vidyo Desktop Paging/Mobile Messaging

Law School Service Desk

AmCom Mobile Connect

Unified Messaging

Lync

More Coming Soon


Teamwork

• http://youtu.be/0Q8DriPCX2o


Knowledge Centered Support


Knowledge

“Knowledge is the key that unlocks all the doors. You can be green-skinned with yellow polka dots and come from Mars, but if you have knowledge that people need, instead of beating you, they'll beat a path to your door.”
Ben Carson, Think Big: Unleashing Your Potential for Excellence (gifted neurosurgeon famous for his work separating conjoined twins)


ColdFusion 9 Update
Migration to the New Architecture

Kevin Chen
Sr. Manager, Integration Operations, Integration


The Migration is Done


• All CF sites migrated to the new architecture in April

• 113 ColdFusion sites

• All CF tags and functions working

• ColdFusion 7 servers decommissioned in May


The Hero is….

Gerry Hall
Web Hosting, UTS


ColdFusion 9 Update

Questions?


Office 365 Faculty/Staff/EHC

Scott Swann
Project Manager II, PMO


Office 365 Faculty/Staff/EHC

• UM – Voicemail in the cloud
• Archiving in the cloud
• 2013 Blue Version
• 2-Way Trust
• First Wave implementation
  – UTS project team, then the rest of UTS
  – Emory College
  – Oxford
  – Theology
  – GBS
  – LAW


Office 365 Faculty/Staff/EHC

Questions?


Core Router Update

Mike Politinsky
Manager, Network Engineering, Infrastructure


Migration of Wireless to New Core Routers


IT Security Update

Brett Anderson
Sr Information Security Specialist, Information Security


IT Compliance Initiatives

2012-2013 Compliance Initiatives

• HIPAA Security Assessments
  – Used an automated Compliance Management tool (Archer)
• PCI Data Security Assessments
  – Used SSC-approved web tool called Navis


HIPAA Security Assessments – WHY?


• Criminal Penalties
  – $100-$50,000 / violation
  – Possible prison time (1-10 years depending on the situation)
• Authorizes state attorney general to bring a civil action in federal district court against individuals who violate the HIPAA rules.


HIPAA Security Assessments – WHY?


HIPAA Security Assessments – HOW?


What is ePHI?


The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is aggressively enforcing the HIPAA Privacy and Security Rules regulating the use, disclosure and protection of Protected Health Information (PHI).

Protected Health Information (PHI) is any information, whether oral or recorded in any form or medium, that:

(1.) Is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or healthcare clearinghouse; and

(2.) Relates to:
  • past, present, or future physical or mental health or condition of an individual
  • the provision of health care to the individual
  • past, present, or future payment for the provision of health care

(3.) And can be used to reasonably identify an individual.

ePHI is protected health information (PHI) that is created, stored, transmitted, or received electronically. All protected health information (PHI) is subject to HIPAA regulation.

ePHI

[Diagram: ePHI, with panels "18 Identifiers" and "Examples"]

18 Identifiers
• Geographic Subdivisions (smaller than state)
• Phone Numbers
• Fax Numbers
• Electronic Mailing Addresses
• Social Security Numbers
• Medical Record Numbers
• Health Plan Beneficiary Numbers
• Medical Device identifiers & Serial Numbers
• Certificate / License Numbers
• Biometric Identifiers
• Full Face Photographic Images
• Vehicle identifiers & Serial Numbers
• Internet Protocol (IP) Address Numbers
• Any other unique identifying number, code etc
• Web Uniform Resource Locators (URLs)
• Device Identifiers & Serial Numbers
• Account Numbers
• Dates related to an Individual (other than year)

Examples
• Health Payment Information
• Patient Name + RxNumber + Patient Name + Address + Drug Name
• Doctor > Patient
• Test Results
• Health Plan
• Lab Results Emailed
• Social Security # + Health information + IP Address of Individual’s Home
• Patient Name + Reason for Visit
• Patient Identification Bracelet
• Demographic information about a patient contained in EHC (power chart / millennium)
• Patient Note + Stored on PDA or Mobile Device
• Photo of Patient


HIPAA Security Assessments – ePHI?


ePHI

ePHI Inventory
• Applications
• Servers
• Workstation

Logical Storage
• Shared Storage
• Backup Storage

Physical Storage
• Hard Drives
• Smart Cards

In Scope
Search & Secure


HIPAA Security Assessments – Results

• 100% Participation – 328 unique Assessments
  – Thousands of servers, workstations, network devices, mobile devices, and facilities inventoried and assessed
• Where were most of these findings?
  – Security management processes, audit controls, and training

Largely Successful!


PCI Security Assessments – WHY?

• The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment
• Essentially, any merchant that has a Merchant ID must adhere to these standards
• The Payment Card Industry Security Standards Council (PCI SSC) was launched on September 7, 2006 to manage the ongoing evolution of Payment Card Industry (PCI) with focus on improving payment account security throughout the transaction process
• Emory is a Level 2 – We process > 1 million credit card transactions / year
• Major fines associated with non-compliance


PCI Security Assessments – WHY?

• What is Cardholder Data and what can you do with it?



PCI Security Assessments – How?

• Office of Debt and Cash Management in conjunction with Enterprise Security conducted PCI Assessments.
• Merchants were required to provide information regarding how they process credit cards. This resulted in a required Self-Assessment Questionnaire (SAQ). (4-5 month process)
• Your PCI compliance requirements depend on how you process.

Business Process + Technology Components = Level of Compliance

• SAQ A
• SAQ B
• SAQ C
• SAQ C-VT
• SAQ D


Security Update

Questions?


Thank you for coming!
