Maintain Cybersecurity Vigilance

 

We will continue to enhance our cybersecurity processes and technologies, in line with best practices and the evolving threat landscape, to protect the confidentiality, availability and integrity of university digital services and information.


Scope


We will focus on two areas: adopting tooling and awareness to address perennial issues like phishing and emerging threats like extortion via ransomware; and improving the Identity and Access Management experience through adoption of new technologies to ease identity administration and support individual control over identity attributes.

Major Projects


Tooling and Awareness

  • Data Center Firewalls, Phase 1 – Active
    Install Palo Alto Networks Firewalls in front of our IS&T data centers.
  • Data Center Firewalls, Phase 2 – Identified
    Install Palo Alto Networks Firewalls in front of BUMC data centers and administrative systems at MGHPCC.
  • Domain Name Service (DNS) Security – Complete
    Provide security controls at a low level of the network that can effectively thwart malware including ransomware with minimal impact on normal usage.
  • Email Security Improvements – Active
    Deploy additional industry-standard security controls (DKIM/DMARC) in the BU email environment that reduce the risk of receiving or being the source of phishing attacks and other fraudulent email on the internet and decrease the number of legitimate outgoing emails that are discarded as spam by remote mail systems.
  • Entity Analytics – Complete
    Provide an analytical toolkit for our Security Event and Incident Management tool to detect new and anomalous behavior of devices on our network to enable better detection of compromised devices, especially “Internet of Things” devices.
  • Expand Multifactor Authentication – Complete
    Continuing from FY21, this effort will increase the number of places where multifactor authentication will be required, including Office365, VPN services, and additional web applications.
  • Integrate Vulnerability Management into ServiceNow – Complete
    Integrate the results of our vulnerability scanner directly into our IT service management system to enable enhanced reporting and better risk assessment.
  • Third Party Risk Management Tooling – Complete
    Evaluate tools and services to measure, track, and manage the risk of vendors with access to our sensitive data.

Improving the Identity and Access Management experience

  • Authorization Management – Active
    Provide enhanced group management capabilities, potentially including self-service, to enable efficient use of centrally stored attributes to define access control for applications.
  • Identity and Directory Modernization – Complete
    Replaces our legacy, homegrown, mainframe-based identity system with a vended, cloud-based identity solution.
  • Identity Governance and Administration – Identified
    Provides an enhanced toolset for leaders, managers, data trustees, auditors, and individuals to review, request, authorize, and revoke privileges for individuals.
  • Student Lifecycle Provisioning and Deprovisioning – Complete
    Standardizes the processes by which student accounts are created and given access rights and manages how those rights evolve based on student status. This also includes a self-service portal to enable password reset and update of gender identity, pronouns, and preferred name.
  • Campus Solutions Integration – Complete
    Integrates our IAM solution with the new Student Information System and addresses authorization of individuals within Campus Solutions for role-based and ad-hoc needs.

Stakeholders


      • Strong cybersecurity practices will require everyone’s participation and will benefit everyone as our data will be better protected. The Common Services and Information Security Governance Committee helps to govern the information security program and becomes the voice for everyone in the program, providing input on priorities, organizational change management, and communication efforts.
      • The IAM program will bring particular benefits to non-binary individuals through support for gender fluidity, personal pronouns, and preferred name. The IAM Steering Committee will help guide the introduction of these and other features and includes representation from key identity providers: Enrollment Services, Human Resources, and Alumni Relations.
      • The mission to secure the university’s data both provides input to and takes guidance from IS&T’s Data Governance program on data management policy, roles and responsibilities, and needed controls. Increasingly this work will need to align with the University Privacy Coordinating Committee, particularly as legal regulations on data privacy grow.