Team

Susan Brooker-Gross(tick), Mary Dunker(tick), Daniel Fisher(tick), Karen Herrington(tick), Kim Homer(tick), Greg Kroll(tick), Joyce Landreth(tick), Randy Marchany(error), Kevin Rooney(tick), Nate Smith(tick), Brenda van Gelder(tick)
((tick) present, (error) absent)

Agenda

  1. Clarification/Feedback from Erv
  2. Focus groups
  3. Communications plan

Meeting Notes

  1. Clarification/Feedback from Erv
    1. This project needs to include plans to change all passwords, including PID, Banner/Oracle, and Hokies.
      • Note: the web service for Hokies passwords will have to be completely built from scratch.
      • Action item: Greg will invite a representative from MIG to future project meetings.
      • See Brenda's comments below.
    2. Erv requested project phases and timelines be included in the project initiation form to include a self-service password reset for all 3 passwords before he approves the project.
      • Action item: Greg, Karen, and Kevin will revise the project initiation form. Greg will send the revised form to Brenda for Erv's approval.
    3. Another separate password change project (for weak passwords) needs to be discussed.
      • See Brenda's comments below.
    4. Jeb Stewart will negotiate project timelines with Internal Audit (IA).
  2. Focus groups Potential focus groups include:
    1. Authenticating using something like OpenID. Already used by Google & Yahoo. Kevin will mock up a prototype for testing by Kim Homers team. 4Help student consultants are a suggested test group.
    2. A "geek" focus group to discuss technical details of implementation.
    3. A group to discuss potential opportunities for collecting information from the user. This may be a mini-project or project phase in itself.
      • Action item: Kevin will organize the focus groups.
      1. There was some discussion about the possibility of adding something to the VT Alerts sign-up page asking if the information collected could be used for self service password resets also.
      2. Comment: The tool/service should be smart enough to know what credentials (PID, Banner/Oracle, Hokies) the user already has.
      3. The order of importance of the components needed for this project are:
        1. Authentication method
        2. User preferences
        3. Notifications
  • Tentative timelines for various project phases:
    1. PID password reset: Jun 15, 2011
    2. Oracle/Banner/Warehouse password reset: October 1, 2011
    3. Hokies password reset: June 1, 2012
  • Next week's meeting will be a brainstorming session of ideas for collecting data.
  • No labels

1 Comment

  1. Greg Kroll

    Jul 27, 2010
    Comments from Brenda van Gelder

    ----Original Message----
    From: van Gelder, Brenda
    Sent: Friday, July 23, 2010 12:28 PM
    To: Kroll, Greg; Dunker, Mary; Herrington, Karen; Marchany, Randolph; Landreth, Joyce; Brooker-Gross, Susan; Smith, Nate; Rooney, Kevin; Fisher, Daniel; Homer, Kimberley; DeBonis, Marc
    Subject: RE: Self-Service Password Reset project team meeting

    I would like to suggest some modifications to items 1a and 1c.

    The password reset project and the password change project will be two separate projects - the reset being led by Karen Herrington and the change passwords project being led by TBD (Jeb is working on getting someone to lead it). However, for the sake of clarity for internal audit, the password reset project initiation form will include reference to a phased timeline for the provision of a reset tool for the other 2 types of passwords, which may or may not end up being separate projects involving different teams.

    There could be 2 parts to the password change project. 1) ALL passwords (regardless of whether they are strong or weak) must be changed during the 2010-11 fiscal year, before July 1 2011. 2) Changing all 3 types of passwords needs to occur on a regular, scheduled basis, to be determined (once a year? Every six months?) and a process and policy needs to be in place to enforce regular password changes.

    ----Original Message----
    From: Kroll, Greg
    Sent: Thursday, July 22, 2010 11:30 AM
    To: Dunker, Mary; Herrington, Karen; Marchany, Randolph; Landreth, Joyce; Brooker-Gross, Susan; Smith, Nate; Rooney, Kevin; Fisher, Daniel; Homer, Kimberley; DeBonis, Marc
    Cc: van Gelder, Brenda
    Subject: FW: Self-Service Password Reset project team meeting

    FYI... I forgot the tentative timelines we discussed at the end of the meeting so I added that to the meeting notes just now.

    --Greg

    ----Original Message----
    From: Kroll, Greg
    Sent: Thursday, July 22, 2010 9:32 AM
    To: Dunker, Mary; Herrington, Karen; Marchany, Randolph; Landreth, Joyce; Brooker-Gross, Susan; Smith, Nate; Rooney, Kevin; Fisher, Daniel; Homer, Kimberley; DeBonis, Marc
    Cc: van Gelder, Brenda
    Subject: Self-Service Password Reset project team meeting

    Team,

    I have posted meeting notes from this past Tuesday's meeting. https://wiki.cns.vt.edu/pages/viewpage.action?pageId=24379566
    Please review and send questions/updates to me.
    Thanks.

    VTVTVTVTVTVTVTVTVTVTVTVTVTVT
    --Greg Kroll, PMP
    Assoc Dir for IT Project Management & Planning
    Virginia Tech
    1700 Pratt Drive (0214)
    Blacksburg, VA. 24061
    office: 540.231.9654
    fax: 540.231.7413