Informs and engages the UNB community on IT developments and news

Management Briefing - IT Security Initiatives Fall 2015

Author: ITS

Posted on Sep 8, 2015

Category: Management Briefings

Various high‐profile IT security breaches of late—at Canada’s National Research Council, the US Office of Personnel Management, Ashley Madison, to name just a few—provide a stark reminder that personal and enterprise data is highly desirable—and vulnerable—to the ministrations of criminals intent on exploiting weaknesses in IT security wherever they can find them. UNB is not immune to these attentions—every week over 50 million attempts are made to find weaknesses in our systems (akin to someone checking a door to see if it is locked, these attempts are highly automated and very, very persistent). Students, faculty, and staff succumb to phishing attempts with astonishing frequency, and every month over 100 UNB‐owned computers fall victim to malware and worse. ITS investigates over 300 significant IT security incidents per year; the number is growing, though resources to deal with them are not. Nevertheless, in addition to focusing a lot of staff time on the problem, ITS has deployed automated tools to help with the overwhelming task, and has several initiatives underway to help reduce the risk.

Cybersecurity awareness campaign

Throughout the Fall term, but especially in October, which is internationally recognized as Cybersecurity Awareness Month, ITS will again be educating the university community about common IT security risks and effective solutions and practices to mitigate them. We’ll be covering topics like phishing and other fraud; mobile security; malware; and many others including new technologies and new risks (have you heard of the Internet of Things? If not, you will). We’ll use various channels to reach all our users with helpful tips, tricks, tools, resources, services, and news about IT security: Twitter, Facebook, websites, email, and so on will be prominent in our efforts to get you the goods on good IT security strategies. Watch for the kick‐off coming soon—the data you protect may just be your own!
Information security policy

A draft university‐wide information security policy—now in its 6th revision—will be making its way to you for review in the coming weeks. Complete with data classification guidance and protection protocols, the new policy lays the groundwork for building a more secure IT environment. When implemented, the policy will reduce risk while increasing effective responses to incidents through specific procedures for handling breaches plus guidance on what to do when computers and mobility devices are lost or stolen. To help individual community members understand and effectively carry out their role in protecting their own and university information assets, a concurrent and complementary initiative is underway setting up data governance and management working groups, comprised of broad representation from the university, and which will articulate further guidelines, standards, and practices for data protection and stewardship.

Network and security architecture

Finally, a major project is underway that will result in complete renovation and upgrading of the university’s wired and wireless communications networks, with the specific objectives of making them more secure, reliable, and sustainable. The scale of this project must not be underestimated—every part of our networks will be touched, every enterprise and personal computer and device affected. On the other hand, users will experience fewer issues when accessing IT systems and services, encountering straightforward processes designed to ensure they get access to appropriate resources, while the bad guys get shown the door.

ITS and the university are investing heavily to ensure a safe computing environment for students, faculty and staff for years to come; we will keep you up to date as these initiatives unfold, and as the IT security environment evolves to meet the needs of tomorrow.

Terry Nikkel, AVP, ITS, September 8, 2015