Citizen Advisory Boards and Commissions  
  Apply for a board position  
  Appointments by Month  

October Minutes


ITAC MEETING MINUTES
October 21, 2010

Attendees: Vass Johnson, Gloria McNeill, Robert Michaud, Niamh Darcy, Darryl McGraw

Wake County: Lib Wanner, John Higgins, Dean Mitchell, Sean Fiene
Due to work schedules Teresa Justice, Dr. Marc Hoit, Steve Kim, John Killebrew and Hank Cox could not attend the meeting.

The meeting began at 9:05 a.m.

Lib Wanner welcomed everyone to the meeting and ensured that all members had received the proper documentation. Lib then introduced the group to John Higgins, IT Manager for Technical Infrastructure and Dean Mitchell, IT Security Division Supervisor.

Discussion Topic: Security Awareness Training – Policy and Training Content
John Higgins began the discussion by reviewing the agenda for the End User Awareness Training Program and providing an overview of the program concept and approach. He then reviewed the proposed delivery method for the training and the supporting policy. Robert Michaud asked if the web portal training option is used for other training purposes or just for the security training. Lib answered that the proposed portal is just for the security awareness training only and that the County has purchased a fuller Learning Management System (LMS) as part of its ERP system and that it is not yet operational. Dean Mitchell indicated that the security training is written in such a way that it can be ported to the County’s LMS when it is ready.

John Higgins then asked for input from the ITAC members regarding their thoughts on the concept and approach and if they had something similar in place in their organizations. All of the members indicated that they had something similar in place and each member provided a brief explanation of the approach used in their respective organizations. Two members indicated that their programs include ethics training as well. All agreed with the concept of making the training mandatory.

John then went through a few of the screens that end users will encounter when going through the training program, and highlighted examples of the quiz questions and final exam questions that are part of the training. John then asked the ITAC members for their input regarding the portal delivery mechanism, content and interactive slides, quizzes and final exam. Robert asked what the consequences were for failing the exam and John explained that the end user had 3 tries to pass it and if they still didn’t the person would be locked out of the tool. Lib indicated that most likely the employee would be notified by a member of the Security Team to regain access to the tool and review the material again. If the person still failed the exam after 3 more tries, Lib indicated that this information would be given to the person’s supervisor to handle. John indicated that the exam is pretty straight forward and we are not expecting to have a problem with this, but will be aware of it. Vass Johnson asked about the length of the training and John stated the length is around thirty minutes without the audio turned on and about 45 minutes with it on. Vass and Gloria McNeil indicated that thirty minutes seemed a little long. Niamh Darcy indicated their organizations training was about that long. From a screen design perspective it was suggested that the audio off option be moved from the second option to the first option on the screen to encourage users to choose that option and that the estimated times be added so the end user would know what to expect in terms of time it takes to complete the training. John indicated he would have these changes made. Dean Mitchell also stated that the application offers the ability to save progress and exit which will allow the training to be completed in more than one sitting.

John then went over the Security Policy Acceptance screens with the group and Lib asked the group if the proposed approach to having end users agree to read and follow the County’s security policies was too subtle. All agreed it was fine and while it may not be as strong as having each security policy signed off on by the user, it was reasonable.

Lib asked the group for additional input and all indicated that they thought the tool looked good and it could be strengthened and improved each year. Niamh suggested using videos with real life scenarios in it to make the training more interesting and offered to give Lib the name of the product her organization uses that has this feature for future reference.

Review of ITAC Discussion Topics List for FY 2011
Lib reviewed the proposed list of discussion topics for FY 2011 with the group and asked for suggestions for additions or changes. Darryl McGraw indicated that Wake Tech Community College has been doing a lot of work in the cloud computing area and suggested that the March 17th meeting where this topic is scheduled to be discussed be held at Wake Tech so he could show the group what he and his team have been doing in this area. Lib and the other ITAC members agreed. The group had no other changes to the topics list.

Other Business
Lib then asked the group if there was any other business to discuss and the group agreed that all topics had been covered.

Lib Wanner thanked the group for their input and participation.

Meeting adjourned at 9:35 a.m.