tidBiTS
Informs and engages the UNB community on IT developments and news

Management Briefing - IT Security

Author: ITS

Posted on Mar 14, 2013

Category: Management Briefings

Background Every day UNB is targeted by online criminals, hackers and others who attempt to steal personal information, infect computers and other devices, or take financial information. There are also many ways individuals can put themselves at risk through unsafe IT practices such as inadequate password protection or sharing too much information on social media sites. Security Action Team To provide permanent security oversight and support, ITS has created the IT Security Action Team. The team provides IT security leadership to the university, and is responsible for formulating, implementing, and coordinating IT security plans and projects across the enterprise. The group responds to IT security incidents and issues, and enforces policies to ensure the university is protected at all times. The group advises the AVPITS on IT security resourcing, technologies, and community education, and drafts IT security policies as required. Members of the team include:
  • Ben Steeves, Manager, System and Applications Development (bcs@unb.ca)
  • Charles Spencer, Manager, Network Services (Charles.cc.spencer@unb.ca)
  • David Shipley, Enterprise Strategist (Security/Web) (dshipley@unb.ca)
Issues come to the attention of the security team in a variety of ways, including 24/7 monitoring of network activity and traffic patterns; users who get into trouble by opening email attachments from unknown sources; notifications from copyright holders of illicit downloads of movies and music files; and so on and on. Feel free to contact them directly or at itsecurity@unb.ca if you have questions or concerns about IT security matters. Acceptable use policy The Security Action Team enforces the ICT Acceptable Use Policy, which states that users must:
  • Protect identities and information in accounts by selecting secure passwords, preventing others from viewing or obtaining passwords, logging out when accounts are not in use and ensuring important information is backed up.
  • Secure ICT infrastructure and data by ensuring the latest software security patches are installed, and protecting equipment from viruses, pop‐ups and other malicious software.
  • Safeguard information confidentiality by using secure access methods such as UNB’s virtual private network (VPN). When communicating confidential information electronically choose appropriate communications methods depending on information value, use and sensitivity. Many electronic methods, such as email, are inherently insecure.
IT security awareness course While threats to personal and institutional information continue to grow, the good news is there is something everyone can do about it. To help all become aware of the risks and take steps to protect themselves, ITS has launched an online IT Security Awareness course covering many IT security issues. All faculty and staff are encouraged to take the course—just log in to Desire2Learn via the myUNB portal.

Terry Nikkel, AVP-ITS, March 14, 2013