tidBiTS
Informs and engages the UNB community on IT developments and news

Briefing Cybersecurity update 2017

Author: ITS

Posted on Feb 17, 2017

Category: General Interest , Management Briefings , News

Since the 2012 external assessment of UNB’s IT security, ITS has worked tirelessly to ensure the university has the best cybersecurity program possible. Many crucial building blocks have been put in place or are underway; we’ve come a long way, and while there is more to do, the road ahead is clearer than it’s ever been.

Important cybersecurity components now in place include:

  • an effective awareness campaign that has seen rates at which university community members fall victim to phishing attacks, malware, and fraud fall by as much as 90%;
  • a fully implemented disaster recovery and business continuity strategy including complete, daily backups of all critical institutional data across multiple data repositories;
  • state‐of‐the‐art network monitoring tools that detect early signs of suspicious activity on all our networks, providing alerts that can be actioned before major problems occur.

There are also several initiatives that are nearing completion, including:

  • an information security policy—which has been in the works for 2 years—has been approved by PET and is awaiting final Board approval. This policy establishes roles and responsibilities for all university community members, and lays the groundwork for implementation of various cybersecurity best practices and procedures, such as protocols for handling cybersecurity incidents;
  • a university‐wide data classification standard, developed by the Data Management Working Group, composed of data stewards, managers, and experts from across the university, and which provides guidance on how various data elements must be treated, for example as confidential, internal, or public. This guidance will in turn be supported by tools and training to help those who handle university data do so appropriately and securely;
  • network redesign and implementation of a new firewall and network access control. ITS has been working towards a complete rethinking and renewal of how our networks are protected and accessed, while preserving as much as possible the principle of openness that is the hallmark of university culture. We are nearly there—we are in the final stages of selecting and procuring the equipment and software needed to vastly improve UNB’s cybersecurity profile.

Finally, there are some very important cybersecurity components yet to plan and deploy, for instance:

  • extending cybersecurity protection to include Educational Computer Network (ECN) members including St. Thomas University, Mount Allison University, and the NB community colleges, whom ITS supports by hosting shared IT services and operating the New Brunswick research and education network;
  • working with various researchers and groups across UNB to ensure that their computing environments are safe, while still permitting them to carry out their work. For example, ITS engaged with Computer Science faculty’s cybersecurity researchers to understand their environment, and to implement a security architecture that works for them and us—they pose a tempting target for some bad folks!

Terry Nikkel, AVP, ITS, February 17, 2017