WIXLIB

IT Board UpdatePortland Community College2017Office of the CIO1

Agenda1.2.3.IT StrategyInfoSec: Defense in Depth (DiD)Portfolio ManagementAppendix: IT Strategy Additional Slides1

IT Strategy3

Our VisionInformation TechnologyTo be a nationally recognized standard for Higher Education InformationTechnology organizations by providing predictable, quality and cost effectiveservice to Portland Community College and driving excellence in educationthrough technology innovation.3

Our MissionEnable Student SuccessWe leverage technology, innovation and the passion of ouremployees to support opportunity & equitable student success.Optimize Enterprise ArchitectureBy making the right technology and investment choices throughintentional design practices, we ensure our solutions are optimallyaligned to stakeholder need and are intelligently architected,maintainable, sustainable, equitable and inclusive.Secure the InstitutionThe privacy and protection of our students, faculty and staff is ourprimary concern. We achieve this by executing a pro-active andongoing strategy against all forms of cyber attack. In doing so, weprotect the institution from risk and ensure regulatory compliance.Deliver Operational ExcellenceWe embrace a culture of process efficiency, productivity and clientservice. We strive for district wide consistency of internally andexternally facing IT services, while being agile enough to supportlocal needs.4

A Collaborative Framework5

StrategiesEnable StudentSuccessOptimizeEnterpriseArchitectureSecure theInstitutionDeliverOperationalExcellenceAlign IT to academicplanAdopt standardmethodologyExecute on 2016InfoSec programOrganize for successBe educationalfuturistsMake sustainabletechnology choicesMaintain policy,governance andcontrolsBe a data informedoperationImprove the studentexperienceIdentify stakeholderneeds and strategiesMaintain operationalvigilanceOwn a culture ofsustainabilitySupport data-drivendecision makingCompletecurrent/future stategap analysisPromote cybersecurityawarenessProvide best in classservicesLeverage technology tosupport those mostin needDevelop and maintainan IT roadmapBe compliantBe a model for DEI6

InfoSec: Defense in Depth (DiD)8

Defense in Depth (InfoSec Roadmap)NetworkNot StartedIn ProgressDone/OngoingServersEnd PointsNetwork Access Control (NAC)NSX/MicrosegmentationJAMF & Apple End PointManagementF5 Upgrade and ApplicationFirewallsTenable Vulnerability AssessmentDUO 2-Factor Authentication &Secure VPNDark Web/AnonymizersDDC Server Support Strategy &Password Manager ProMcAfee End Point ProtectionSandBlastServer Zone Migration &Separation of Environments (SOE)Patch ManagementCheckPoint Firewalls24/7 Network Operations CenterHigh Value Workstation SupportNetwork ZonesData Center Security & FacilitiesAccess Control & Separation ofDuties (SOE)(DMZ, DDC, InfoSec, etc.)Network Redesign Project (NRP)DataVirtualization (VMWare)ForensicsPeople“Data at Rest” StrategySplunk SIEM“ED to AD” & SHA-2 PasswordEncryptionMalwareBytesVirtru Email EncryptionEnCase eDiscoveryBanner Data DefenseNetwork & Server MonitoringGoogle SecurityGoogle Analytics & CheckPointReportingConsolidated BackupsIncident ManagementMichael NorthoverCIO& EncryptionOctober 2017Access ControlActive Directory(SolarWinds, Apcon, Extrahop)NCSAMCommunication(Message from CIO, Phishing Videos, etc.)Compliance ProgramsIT Staff Engagement(Program/Roadmap, AnnualCyber Security Offsite,Management Buy-In, etc.)Policy: ISP & AUPEducate Leadership(Regulatory Compliance, etc.)Engage Board of Directors(JAR, Red Flag, etc.)Cyber Team(Red Flag, PCI, Penetration Testing, NIST)CIO Priority7

Gartner InfoSec Maturity Score2016 is 3.1 and yourre for All: 2.9 2017 is 3.8 and yourre for All: 2.9 CIO Priority and IT Strategic Goals13

Portfolio Management11

PMO: 2016-2017IT GovernancePortfolio Manager & EnterpriseArchitect working to developstrategic IT Governance frameworkSingle Sign OnEngage Stakeholders“Intake & Prioritization Committee”IT Procedures & TrainingImplement Platform(TeamDynamix)Establish PMOPortfolio Management Goals & StrategyMichael Northover CIO October 201714

PMO is meeting Client Expectations by Managing the IT portfolioPortfolio of projects maintained and visible on IT PMO Spaces andTeamDynamix via Single-Sign-On (SSO). Intake and Prioritizationprocess on a 4 week cycle with 20 cross-discipline stakeholderparticipants.Providing a single source of truth for IT projectsAll active and backlogged projects in a single software platform.Project portfolio communication across various venues. Most recentproject status, issues & risks visible to stakeholders.Becoming PCC’s authority on Project ManagementBaseline standards, processes, and framework established for ITproject management. Continuous improvement of standards,processes and framework through client and staff feedback.Establishing a culture of transparency & project deliveryChampioning a performance-focused project environment.Developing project management discipline and professionalism atthe organizational level.15

Project DashboardHistorical Active Projects by HealthPortfolio MaturityNumber of Projects closed 2017 to date:Average Numer of Projects Closed per month 2017:79916

Key Current InitiativesMission Critical Banner9 UpgradeIdentity ManagementPublic Safety Upgrades (partnership with Public Safety) Equitable Student Success Web ProjectsERP AssessmentYESS & SEM Engagement F5 and Application FirewallsServer Zone Migration & MicroSegmentationApple ManagementDistrict ImagingManaged Print Services (partnership with Auxiliary Services) Splunk/SIEMData at RestStrategicOperations/InfrastructureInformation Security17

Questions?Michael Northover, CIO

Appendix: IT Strategy Additional SlidesEnable Student SuccessOptimize Enterprise ArchitectureSecure the InstitutionDeliver Operational Excellence5 Steps Launch Process17

Enable Student SuccessSupport opportunity & equitable studentsuccess through technologyAlign IT to academic planSupport data-driven decisions Be responsive to Faculty needs Leverage governance and committees to synchgoals and plans Establish PMO for prioritization and stakeholdervisibility Partner on instructional technology, distancelearning and non-credit Ensure ERP systems meet the current and futureneeds of the college Leverage data science to support learninganalytics Evolve from descriptive data to prescriptive data Create an enterprise BI platform strategy Support KPIs for student life cycle that drivestudent success Partner with Institutional EffectivenessLeverage technology to support thosemost in needBe educational futurists Partner with ASPCC and Student Services to helpunderserved students Support Open Educational Resources Partner with Disability Services on Accessibilityexcellence Free software through vendor contracts Provide internships and work-study opportunities Create a digital strategy for PCC Be strategic advisers to college leadershipResearch, promote and adopt forward looking ITstrategies Collaborate with faculty to align IT capabilitieswith curricula strategiesImprove student experienceImplement HR solutions to retain great facultyStrive for zero disruption of student experienceSupport the student lifecycle through ITLeverage technology to address onboarding andwayfinding challenges Be device agnostic and mobile first Leverage ASPCC, customer surveys and studentfeedback to improve services “We need technology in every classroom and inevery student’s and teacher’s hand, because it isthe pen and paper of our time, and it is the lensthrough we experience much of our world.”Some Key Initiatives Accessibility Compliance Learning Analytics & Data Science Student Information Systems (SIS)David Warlick, educator, author, programmer18

Optimize Enterprise ArchitectureApply rigorous methodology to major designdecisions and investmentsAdopt an EA methodology Adopt TOGAF as a standardAssign and develop personnelCreate architecture principles for PCCDevelop standard artifacts and repositorySelect and implement software toolset(s)Make sustainable technology choices Eliminate redundancy and keep current Leverage technology to manage institutionalpower consumption Research new technologies and use sustainabilityas part of ROI evaluations Reduce customization of applicationsComplete Current/Future State GapAnalysis Identify architecture domains for analysis Develop intersectional user stories for equity gapanalysis Develop gap analysis for Business, Application,Data and Infrastructure architectures Ensure alignment with strategic plans Gain consensus with stakeholders andGovernanceDevelop & sustain an IT RoadMap Create strategic roadmapFund, intake and prioritizeRationalize, consolidate & retireIteratively assess with stakeholders Publish,govern and reportIdentify stakeholder needs & strategies Align IT planning to President’s Workplan,Academic Plan and Facilities Plan Define the supported set of technology Identify top priorities for strategic analysis andremediation. Create optimal IT Governance process Align IT investment to strategic goalsSome Key Initiatives Unified Identity & Access Governance ATD & Guided Pathways ERP Strategy & Disaster Recovery19

Secure the InstitutionProtect our faculty, staff and students &ensure regulatory complianceExecute on 2016 InfoSec Program Maintain forward momentum as #1 priorityFocus on highest risk/value initiativesAlign budget to key investmentsGive quarterly Board updatesHold annual InfoSec offsiteEstablish policy, governance & controls Make InfoSec principles primary driversMaintain cabinet approved policiesEnsure cyber insurance coverageInstitute control monitoring and reviewConduct an annual NIST auditMaintain operational vigilance Execute ongoing operational, forensic andremediation activities Complete required Penetration and Vulnerabilitytesting/remediation Train staff in technologies and behaviors Participate in conferences and seminars andcollaborate with NW colleges Maintain relationships with Federal and Stateagencies and specialists Define metrics for measuring success and makingdata informed decisionsPromote College Awareness Create targeted policy and best practicecampaigns for faculty, staff and students Provide meaningful reporting to the Presidentand Board of Directors including Annual Report Engage President, Board of Directors and Cabineton key threats and strategies Leverage “Cyber Security Awareness Month”Be Compliant Hire a CISO to provide compliance, audit andcontrol oversight GLBA, HIPAA, FERPA, HEA, PCI Ensure best legal and regulatory guidance Maintain compliant infrastructure (Firewalls, SOE,SOD, etc.) Maintain compliant operations (e.g. PatchManagement, Cyber Analytics, etc.)Some Key Initiatives Regulatory Compliance Security Information & Event Management Encryption20