2008-2009 LR&TS Annual Report - Learning Resources Services ...
2008-2009 LR&TS Annual Report - Learning Resources Services ...
2008-2009 LR&TS Annual Report - Learning Resources Services ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Learning</strong> <strong>Resources</strong> & Technology <strong>Services</strong> – <strong>Annual</strong> <strong>Report</strong> FY09<br />
Information Technology Security<br />
The Information Technology (IT) security coordinator<br />
works with all parties involved (internal and external) to<br />
provide a consistent and coordinated response to ITrelated<br />
security issues, from virus outbreaks and identity<br />
theft to unauthorized use of university IT resources. The<br />
IT security area also coordinates security assessment and<br />
reviews of university IT services, resources and policies.<br />
Summary of FY09 accomplishments<br />
IT security incidents continued to grow, both in quantity<br />
and complexity. New case logs were up nearly 50<br />
percent over FY08; this followed a 70 percent increase<br />
the previous year. The number of inquiries not requiring<br />
a documented case log also grew. Questions ranged from<br />
proper disposal of storage media and data destruction<br />
to appropriate use of computers. As IT security issues<br />
became more ubiquitous, IT Security interacted with an<br />
increasing number of internal and external groups.<br />
FY09 Goals<br />
Manage growth and complexity of IT data security incidents.<br />
• <br />
dents during FY09, which was nearly a 50 percent<br />
Investigated and documented 142 IT security inci-<br />
increase from FY08. Incident response continued to<br />
involve both campus and third party contacts.<br />
Coordinate efforts with MnSCU and state agencies on behalf of SCSU.<br />
• Participated in the MnSCU IT Security Guidelines<br />
working group and IT Security Steering Committee.<br />
• Participated in the newly formed Security Training<br />
Advisory Group (STAG) at the request of the<br />
MnSCU Office of the Chancellor.<br />
• Assisted as a campus IT security contact for the<br />
MnSCU-wide Payment Card Industry (PCI) assessment<br />
program.<br />
Raise awareness of MnSCU security standards and move toward<br />
compliance verification.<br />
• Assisted with and answered questions about the<br />
MnSCU Information Security Awareness program<br />
offered through Desire2Learn.<br />
Coordinate security review/consulting for various campus entities.<br />
• Assisted the Business Computer Information<br />
Systems department in completing the National<br />
Security Agency application for recognition as a<br />
National Center of Academic Excellence in Information<br />
Assurance Education.<br />
• Arranged for ongoing secure destruction and<br />
disposal of hard drives and other storage media with<br />
the existing campus recycling contractor.<br />
• Consulted with the College of Education on securely<br />
handling confidential data.<br />
• Worked with Public Safety on security for its IT<br />
network and new parking ramp system.<br />
• Collaborated with both campus and corporate<br />
Sodexo support staff to assess and improve the<br />
security of their campus Point of Sale (POS) systems.<br />
• Reviewed the new Blackboard/Campus Card implementation<br />
plans for proper security measures.<br />
• Reviewed the findings from the <strong>2008</strong> MnSCU<br />
Information Security Assessment of Non-Academic<br />
Business Units on campus. Based on the review, an<br />
IT Security Small Group was formed to 1) prioritize<br />
the concerns identified, and 2) document follow-up<br />
action taken. Work will continue into FY10, following<br />
up with departments identified.<br />
• Participated in the Campus Emergency Notification<br />
Communication subcommittee.<br />
Provide a consistent and timely incident response on behalf of SCSU.<br />
• Continued to build relationships with Public Safety,<br />
local law enforcement and the county attorney’s office.<br />
• Assisted the Stearns County Attorney’s office with a<br />
successful prosecution of a theft case involving campus<br />
property; this case took about 14 months to resolve.<br />
• Continued to work with the Special Advisor to<br />
the President as requested to assist with incident<br />
responses and data requests.<br />
• Complied with all requests from Student Life and<br />
Development to suspend certain students’ LR&<strong>TS</strong><br />
accounts as a result of disciplinary procedures.<br />
Provide IT security education/best practices to campus audiences.<br />
• Educated students and employees through one-toone<br />
opportunities.<br />
• Sent communications to campus warning of spam,<br />
fraudulent e-mails and peer-to-peer (P2P) file sharing.<br />
• Introduced Check Point encryption software to<br />
campus.<br />
Statistics:<br />
See Appendix Z<br />
50