Information Security Initiative

Our IT Security Approach

IT security requires a thoughtful balance between securing the university community from the risk of cyber attacks and loss of information while allowing the openness required to support a broad range of academic, research and administrative activities. Our goal is to minimize or eliminate the risks where there are vulnerabilities and work with members of the university community to find secure solutions that meet their needs.
 

Device

Device Management

What’s the risk?
Endpoint devices (i.e. laptops, desktops and network-enabled equipment) have direct access to sensitive systems and data resources. A compromised endpoint jeopardizes these sensitive resources and can be used as a gateway to attack other devices on our network. 

What are we doing?
Standard security settings are being applied to all university devices. These settings provide an increased level of protection to the university’s IT assets by:

  • Allowing the university to respond quickly and efficiently to an ever-changing risk environment by enabling automated patching processes for operating systems and institutional software against known vulnerabilities;
  • Limiting direct communication between endpoint devices to prevent the rapid spread of malware;
  • Limiting the ability for compromised software to install on university devices.
Network

Network Security 


What’s the risk?
One of the most damaging ways cybercriminals attack large organizations is by gaining access to communication networks to disrupt services, transmit malware or steal data. Once malware begins to spread and attack the network, preserving information and preventing the further spread becomes a great challenge.
 
What are we doing?
We are segmenting our network to create boundaries between devices and systems so users can have access to the information and systems they need while limiting the chance of infections spreading between multiple devices or gaining access to sensitive university information. Segmentation strengthens our defense against attacks by:
  • Limiting the spread of malware;
  • Protecting sensitive resources by only allowing trusted access to them;
  • Allowing for additional security controls to be added to specific areas to manage increased risk without imposing the settings on all users.
Safe File

Safe Data Storage 


What’s the risk?
The university amasses a great amount of information in support of academic, research and administrative activities. Data breaches can have a devastating impact on the university and the individuals who have a vested interest in the safety of that data.

What are we doing?
Protecting data requires a holistic view of the types of information being collected across the university, the technology that process and store information and the people who are accountable for the input and management of information. To address this challenge, the university recently addressed the following:
  • Launched DATASTORE a professional quality, high capacity, backed-up data storage for U ofS fulltime faculty researchers;
  • Developed data governance processes for the secure management of all university information;
  • Enhanced the security settings at university-managed data centers.
Security Ed

IT Security Awareness 


What’s the risk?
Many IT security incidents occur when members of an organization unknowingly provide access or private credentials to cybercriminals. Providing university community members with information to detect cyber-attacks and methods to report threats greatly increases the security posture of the university.
 
What are we doing?
IT Security training was developed and is offered to all members of the university community. The self-administered training includes:
  • Online IT security training resources and videos;
  • Information about protecting themselves from becoming the victim of cyber attacks;
  • Methods for reporting security incidents at the university.