January 14, 2016

TO: Campus IT Leaders
FR: Matthew Hall, Associate Vice Chancellor for Information Technology and Chief Information Officer

RE: Happy New Year from your AVC for IT & CIO

Hello everyone and happy 2016!

It’s already been a very busy couple of weeks as we ramp up after the holiday season. I encourage each of you to reach out and continue an on-going dialog with me regarding IT operations and security on campus. I also want to convey a few things that you might find interesting:

1. Campus IT Governance (ITB / ITC / Security): I met with the EVC, Vice Chancellors, and other members of the IT Board this week. The primary topic centered around both how we consider projects and what defines “enterprise” IT. It was a vigorous and affirmative discussion. What does a new IT Council (ITC) charter look like? Who should sit on the group? How can engagement and collaboration be assured? Here is a link to the legacy charter for the ITC for your reference. Based upon our discussion, Elise Meyer is engaged in extending and modifying the charter for discussion at our February IT Board meeting. Feel free to offer any observations, concerns, or ideas to either me or Elise as she works toward a February 1st deadline for a draft of the 2016 ITC Charter. Key attributes identified by IT Board members of Enterprise (or Campus) IT include, but are not limited to,

"Majority of Campus"

"Significant Impact"

"Critical to the campus"

"High Degree of Risk"

2. There is a program titled HPC@UC proposed by a collection of UC research organizations spearheaded by UCSD: “Advanced cyberinfrastructure (CI), including high performance computing (HPC) systems, are critical to advancing science and discovery across a wide range of research domains.” If you have feedback or questions, please feel free to review the document below, and I will aggregate the feedback. Several IT leaders in the community have already provided feedback. Details are in the below document.

3. UC Wide IS-3 Security Policy Revision: I spent the majority of this week in Oakland and Berkeley discussing UC Information Security Policies, issues, education, and adoption of the NIST CSF framework in the context of our new policy models. Informal conversations with a subset of UCSB IT leaders coincidentally landed on NIST CSF. Link here for NIST: http://nist.gov/cyberframework/csf_reference_tool.cfm. If you have an interest in contributing to, reviewing, or discussing the impact or content of the new policy and where it is in the process, contact Sam Horowitz.

4. Campus Architecture: We have identified several very gracious members of our community to lead architecture activities in the domains of Identity and Access Management (Jim Woods and Shea Levan), Electronic Messaging and Calendaring (Richard Kip), Converged Network (Doug Drury), and Business Systems Architecture (Bruce Miller). Other domains will emerge over time: Business Intelligence, Application Development, and Cloud will certainly be areas of critical interest. The scope of the activities for the initial phase is to describe the present state of affairs in each architecture domain. Subsequent steps include defining the target state and building the gap plan to bridge where we are with where we want to go. If you want to participate or have insights to share in any or all of these domains, let me know, and I will direct you to the appropriate community members.

5. Cyber Security Plan for UCSB: Last fall, I convened several IT leaders into an informal security and operations group. My hope is that this group will be the genesis for a continued and more broadly inclusive dialog on the confidentiality, integrity, and availability of our environment. It will be difficult to accommodate 392 voices into this dialog, but if you have an interest in this area, please let me know, and I will take it to the group at our next meeting on January 22 to arrive at a plan for greater inclusion in this discussion. Additionally, I reached out and was met with a positive response from Prof. Bhavnani to help identity faculty participation in this critical dialog. Much more to follow.

I look forward to hearing your feedback or meeting with you in person to discuss any of these issues or anything else you have in mind.

Matthew Hall
Associate Vice Chancellor for Information Technology and Chief Information Officer
Cyber-Risk Responsible Executive
4101 SAASB University of California, Santa Barbara
Santa Barbara, CA 93106-3020
805-729-7504 (m)
615-497-1082 (m)