tidBiTS
Informs and engages the UNB community on IT developments and news

Management briefing Information Security Policy Update

Author: ITS

Posted on Jul 8, 2016

Category: Management Briefings

Background

Ever since UNB was established, most of its information has been stored on paper and the primary technology used to secure it was the lock. Roles and responsibilities for securing information were relatively easy to define. A lot has changed. Now, most information is created, stored and maintained electronically, and there is a lot of it. People expect to access information any time and from anywhere in the world. 

In recent times, the value of information for criminal purposes has skyrocketed. Criminals work hard to obtain it, because the payback is good; they are always coming up with new methods to do their deeds. The results can be devastating. Universities across the world experience data breaches resulting in the loss of huge numbers of personal records costing reputations and sometimes millions of dollars. Intellectual property is particularly attractive, and always at high risk. Furthermore, criminals are rapidly adapting their attacks to support extortion attempts; some universities, having fallen prey to malicious takeovers of their information, have paid significant ransoms to retrieve their own property.

Various high-profile IT security breaches of late—at Canada’s National Research Council, Ashley Madison, the University of Calgary, to name just a few—provide a stark reminder that criminals are intent on exploiting weaknesses in IT security wherever they can find them. Every week at UNB over 50 million attempts are made to find ways into our systems (akin to someone checking a door to see if it is locked, these attempts are highly automated and very, very persistent). Students, faculty, and staff succumb to phishing attempts with alarming frequency, and every month over 100 UNB-owned computers fall victim to malware and worse

Policy development

Today’s world requires a different way to protect information. The proposed Information Security Policy shares responsibility for the protection of UNB information across the entire UNB community. To be successful each community member must do their part. The Information Security Policy provides the framework of roles and responsibilities for information protection, including guiding principles for implementation which reflect UNB’s mission and culture of collaboration.

To be complemented with data classification guidance and protection protocols, the new policy lays the groundwork for building a more secure IT environment. When fully implemented, the policy will reduce risk while increasing effective responses to incidents through specific procedures for handling breaches plus guidance on what to do when computers and mobility devices are lost or stolen. To help individual community members understand and effectively carry out their role in protecting their own and university information assets, a concurrent initiative is underway advancing data governance and management; working groups, comprised of broad representation from the university, will articulate further guidelines, standards, and practices for data protection and stewardship.

Community engagement

Many groups and individual experts at UNB have reviewed the Information Security Policy and have provided their assistance in refining and shaping the current version. To ensure the review process is comprehensive, ITS is hosting town hall meetings, inviting all community members to participate.

Terry Nikkel, AVP, ITS, July 8, 2016

Please join us at one of our campus town halls:

Saint John: Tuesday, July 19, 2:00 p.m. – 3:00 p.m. – Oland Hall room 104
Fredericton: Thursday, July 21, 1:30 p.m. – 2:30 p.m. – MacLaggan Hall room 53

View the draft policy