Our IT Security Approach

IT security requires a thoughtful balance between securing the university community from the risk of cyber attacks and loss of information while allowing the openness required to support a broad range of academic, research and administrative activities. Our goal is to minimize or eliminate the risks where there are vulnerabilities and work with members of the university community to find security solutions that meet their needs.

Protecting the university and members of our community against the threat of cyberattacks requires a proactive and continually evolving approach. Our IT Security strategy includes four primary components that combine technical settings with user awareness and education.

Device

Device Management

What’s the risk?
Endpoint devices (i.e. laptops, desktops, and network-enabled equipment) have direct access to sensitive systems and data resources. A compromised endpoint jeopardizes these sensitive resources and can be used as a gateway to attack other devices on our network. 

What are we doing?
Standard security settings are being applied to all university devices. These settings provide an increased level of protection to the university’s IT assets by:

  • Allowing the university to respond quickly and efficiently to an ever-changing risk environment by enabling automated patching processes for operating systems and institutional software against known vulnerabilities;
  • Limiting direct communication between endpoint devices to prevent the rapid spread of malware;
  • Limiting the ability for compromised software to install on university devices.
Network

Network Security 


What’s the risk?
One of the most damaging ways cybercriminals attack large organizations is by gaining access to communication networks to disrupt services, transmit malware or steal data. Once malware begins to spread and attack the network, preserving information and preventing the further spread becomes a great challenge.
 
What are we doing?
We are segmenting our network to create boundaries between devices and systems so users can have access to the information and systems they need while limiting the chance of infections spreading between multiple devices or gaining access to sensitive university information. Segmentation strengthens our defense against attacks by:
  • Limiting the spread of malware;
  • Protecting sensitive resources by only allowing trusted access to them;
  • Allowing for additional security controls to be added to specific areas to manage increased risk without imposing the settings on all users.
Safe File

Safe Data Storage 


What’s the risk?
The university amasses a great amount of information in support of academic, research and administrative activities. Data breaches can have a devastating impact on the university and the individuals who have a vested interest in the safety of that data.

What are we doing?
Protecting data requires a holistic view of the types of information being collected across the university, the technology that process and store information and the people who are accountable for the input and management of information. To address this challenge, the university recently addressed the following:
  • Launched DATASTORE a professional quality, high capacity, backed-up data storage for USask fulltime faculty researchers;
  • Developed data governance processes for the secure management of all university information;
  • Enhanced the security settings at university-managed data centers.
Security Ed

IT Security Awareness 


What’s the risk?
Many IT security incidents occur when members of an organization unknowingly provide access or private credentials to cybercriminals. Providing university community members with information to detect cyber-attacks and methods to report threats greatly increases the security posture of the university.
 
What are we doing?
IT Security training was developed and is offered to all members of the university community. The self-administered training includes:
  • Online IT security training resources and videos;
  • Information about protecting themselves from becoming the victim of cyber attacks;
  • Methods for reporting security incidents at the university.
multi.png

Account Security - Multi-Factor Authentication (MFA)


What's the risk?
Remote teaching, learning, and working makes us more vulnerable than ever to cyber attacks. As a USask community member, you have access to sensitive information about students, staff, university or research data. Passwords are increasingly easy to compromise. Using MFA keeps your account secure even if your password is compromised and drastically increases the security of your account.

What are we doing?
Using a phased approach, IT Security is requiring the USask community to enable MFA. This timeline includes:

  • Assessment and selection of Microsoft Azure Authenticator January 2020;
  • Enrolling all faculty and staff in MFA by April 30, 2021; 
  • Enabling MFA on additional USask systems Summer 2021.