tidBiTS
Informs and engages the UNB community on IT developments and news

ITS Management Briefing - UNB cybersecurity progress report

Author: tidBiTS

Posted on Oct 26, 2018

Category: General Interest , IT Security , Management Briefings

A year ago, the President’s Executive Team (PET) approved UNB’s Cybersecurity Program, a document describing a new standards-based approach to managing cybersecurity and a set of initiatives designed to vastly improve the university community’s awareness of cybersecurity threats and ability to deal with them. This report outlines the current status of those initiatives.

  • UNB’s next generation firewall (NGFW) has been fully deployed. This is the university’s first line of defence against external threats; it ensures only legitimate community members and traffic is allowed access to our networks.
  • Network access control (NAC) is currently being deployed and tuned. NAC enforces role-based rules that define ‘who has access to what’ across UNB network-connected IT systems and services.
  • New end-point protection—anti-virus/malware software—has been rolled out. The new product—eSet Endpoint Security—helps detect and prevent the spread of threats like malicious email attachments and other indirect attacks.
  • Spam filtering, which prevents most spam messages from reaching the email inboxes of UNB community members, has been upgraded and is fully integrated with our O365 cloud service.
  • UNB’s wireless network is being updated and renewed; despite initial teething pains, the new service has increased capacity and bandwidth to fully support the thousands of devices that connect to our Wi-Fi service every day. Traffic management is role-based: the ‘eduroam’ network is for students, faculty, and staff, while ‘Public@unb’ is for everyone else, and is restricted to Internet access only. Deployment will be completed by the end of the year.
  • Beauceron, a cybersecurity awareness training and risk assessment tool, has been launched. All faculty and staff have been enrolled in this mandatory program, and about half have completed the training. Beauceron is being rolled out to students over the next several months.
  • An IT security incident response procedure has been formalized, complementing existing IT disaster recovery and business continuity plans. The procedure is being integrated with UNB’s overall emergency response plans.
  • External experts completed a threat risk assessment (TRA) of UNB’s IT infrastructure, procedures, and tools. Gaps in our policy framework were identified as risk factors to be addressed—we will work towards filling in these gaps in the near- to mid-term.
  • 58 cybersecurity presentations have been delivered to various UNB groups, from faculty councils to open town halls. Presentations are one of the most effective ways of educating the community about cybersecurity best practices.
  • UNB is participating in a nation-wide cybersecurity project with dozens of other institutions and organizations; ultimately, the project, part of a national and provincial cybersecurity strategy, will see sophisticated, standardized cybersecurity monitoring and response tools deployed coast to coast to coast, ensuring dramatically improved threat detection and mitigation for the entire research and post-secondary education sector in Canada. 

October 26, 2018, Terry Nikkel, AVP, ITS