![\"\"](\"\/techplan\/files\/2021\/05\/cybersecurity.png\")
<\/a>We will continue to enhance our cybersecurity processes and technologies, in line with best practices and the evolving threat landscape, to protect the confidentiality, availability and integrity of university digital services and information.<\/p>\n
Scope<\/h2>\n
\n
We will focus on two areas: Adopting tooling and awareness to address perennial issues like phishing and emerging threats like extortion via ransomware; and Improving the Identity and Access Management experience through adoption of new technologies to ease identity administration and support individual control over identity attributes.<\/p>\n
Major Projects<\/h2>\n
\nTooling and Awareness<\/h3>\n\n- Data Center Firewalls, Phase 1 – <\/b>Active<\/span>
\nInstall Palo Alto Networks Firewalls in front of our IS&T data centers.<\/li>\n- Data Center Firewalls, Phase 2 – <\/b>Identified<\/span>
\nInstall Palo Alto Networks Firewalls in front of BUMC data centers and administrative systems at MGHPCC.<\/li>\n- Domain Name Service (DNS) Security – <\/b>Complete<\/span>
\nProvide security controls at a low level of the network that can effectively thwart malware including ransomware with minimal impact on normal usage.<\/li>\n- Email Security Improvements – <\/b>Active<\/span>
\nDeploy additional industry-standard security controls (DKIM\/DMARC) in the BU email environment that reduce the risk of receiving or being the source of phishing attacks and other fraudulent email on the internet and decrease the number of legitimate outgoing emails that are discarded as spam by remote mail systems.<\/li>\n- Entity Analytics – <\/b>Complete<\/span>
\nProvide analytical toolkit for our Security Event and Incident Management tool to detect new and anomalous behavior of devices on our network to enable better detection of compromised devices, especially \u201cInternet of Things\u201d devices.<\/li>\n- Expand Multifactor Authentication – <\/b>Complete<\/span>
\nContinuing from FY21, this effort will increase the number of places that multifactor authentication will be required including Office365, VPN services, and additional web applications.<\/li>\n- Integrate Vulnerability Management into <\/b>ServiceNow<\/b> – <\/b>Complete<\/span>
\nIntegrate the results of our vulnerability scanner directly into our IT service management system to enable enhanced reporting and better risk assessment.<\/li>\n- Third Party Risk Management Tooling – <\/b>Complete<\/span>
\nEvaluate tools and services to measure, track, and manage the risk of vendors with access to our sensitive data.<\/li>\n<\/ul>\nImproving the Identity and Access Management experience<\/h3>\n\n- Authorization Management – <\/b>Active<\/span>
\nProvide enhanced group management capabilities, potentially including self-service, to enable efficient use of centrally-stored attributes to define access control for applications.<\/li>\n- Identity and Directory Modernization – <\/b>Complete<\/span>
\nReplaces our legacy, homegrown, mainframe-based identity system with vended, cloud-based identity solution<\/li>\n- Identity Governance and Administration – <\/b>Identified<\/span>
\nProvides an enhanced toolset for leaders, managers, data trustees, auditors, and individuals to review, request, authorize, and revoke privileges for individuals.<\/li>\n- Student Lifecycle Provisioning and Deprovisioning – <\/b>Complete<\/span>
\nStandardizes the processes by which student accounts are created and given access rights and manages how those rights evolve based on student status. This also includes a self-service portal to enable password reset and update of gender identity, pronouns, and preferred name.<\/li>\n- Campus Solutions Integration – <\/b>Complete<\/span>
\nIntegrates our IAM solution with the new Student Information System and addresses authorization of individuals within Campus Solutions for role-based and ad-hoc needs.<\/li>\n<\/ul>\nStakeholders<\/h2>\n
\n<\/ul>\n<\/ul>\n\n- Strong cybersecurity practices will require everyone\u2019s participation and will benefit everyone as our data will be better protected. The Common Services and Information Security Governance Committee helps to govern the information security program and becomes the voice for everyone in the program, providing input on priorities, organizational change management, and communication efforts.<\/li>\n
- The IAM program will bring particular benefits to non-binary individuals through support for gender fluidity, personal pronouns, and preferred name. The IAM Steering Committee will help guide the introduction of these and other features and includes representation from key identity providers: Enrollment Services, Human Resources, and Alumni Relations.<\/li>\n
- The mission to secure the university\u2019s data both provides input to and takes guidance from IS&T\u2019s Data Governance program on data management policy, roles and responsibilities, and needed controls. Increasingly this work will need to align with the University Privacy Coordinating Committee, particularly as legal regulations on data privacy grow.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"
We will continue to enhance our cybersecurity processes and technologies, in line with best practices and the evolving threat landscape, to protect the confidentiality, availability and integrity of university digital services and information. Scope We will focus on two areas: Adopting tooling and awareness to address perennial issues like phishing and emerging threats like […]<\/p>\n","protected":false},"author":1301,"featured_media":0,"parent":23,"menu_order":6,"comment_status":"closed","ping_status":"closed","template":"","meta":[],"_links":{"self":[{"href":"https:\/\/www.bu.edu\/techplan\/wp-json\/wp\/v2\/pages\/104"}],"collection":[{"href":"https:\/\/www.bu.edu\/techplan\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.bu.edu\/techplan\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/techplan\/wp-json\/wp\/v2\/users\/1301"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/techplan\/wp-json\/wp\/v2\/comments?post=104"}],"version-history":[{"count":51,"href":"https:\/\/www.bu.edu\/techplan\/wp-json\/wp\/v2\/pages\/104\/revisions"}],"predecessor-version":[{"id":435,"href":"https:\/\/www.bu.edu\/techplan\/wp-json\/wp\/v2\/pages\/104\/revisions\/435"}],"up":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/techplan\/wp-json\/wp\/v2\/pages\/23"}],"wp:attachment":[{"href":"https:\/\/www.bu.edu\/techplan\/wp-json\/wp\/v2\/media?parent=104"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- \n
- Data Center Firewalls, Phase 1 – <\/b>Active<\/span>
\nInstall Palo Alto Networks Firewalls in front of our IS&T data centers.<\/li>\n- Data Center Firewalls, Phase 2 – <\/b>Identified<\/span>
\nInstall Palo Alto Networks Firewalls in front of BUMC data centers and administrative systems at MGHPCC.<\/li>\n- Domain Name Service (DNS) Security – <\/b>Complete<\/span>
\nProvide security controls at a low level of the network that can effectively thwart malware including ransomware with minimal impact on normal usage.<\/li>\n- Email Security Improvements – <\/b>Active<\/span>
\nDeploy additional industry-standard security controls (DKIM\/DMARC) in the BU email environment that reduce the risk of receiving or being the source of phishing attacks and other fraudulent email on the internet and decrease the number of legitimate outgoing emails that are discarded as spam by remote mail systems.<\/li>\n- Entity Analytics – <\/b>Complete<\/span>
\nProvide analytical toolkit for our Security Event and Incident Management tool to detect new and anomalous behavior of devices on our network to enable better detection of compromised devices, especially \u201cInternet of Things\u201d devices.<\/li>\n- Expand Multifactor Authentication – <\/b>Complete<\/span>
\nContinuing from FY21, this effort will increase the number of places that multifactor authentication will be required including Office365, VPN services, and additional web applications.<\/li>\n- Integrate Vulnerability Management into <\/b>ServiceNow<\/b> – <\/b>Complete<\/span>
\nIntegrate the results of our vulnerability scanner directly into our IT service management system to enable enhanced reporting and better risk assessment.<\/li>\n- Third Party Risk Management Tooling – <\/b>Complete<\/span>
\nEvaluate tools and services to measure, track, and manage the risk of vendors with access to our sensitive data.<\/li>\n<\/ul>\nImproving the Identity and Access Management experience<\/h3>\n
- \n
- Authorization Management – <\/b>Active<\/span>
\nProvide enhanced group management capabilities, potentially including self-service, to enable efficient use of centrally-stored attributes to define access control for applications.<\/li>\n- Identity and Directory Modernization – <\/b>Complete<\/span>
\nReplaces our legacy, homegrown, mainframe-based identity system with vended, cloud-based identity solution<\/li>\n- Identity Governance and Administration – <\/b>Identified<\/span>
\nProvides an enhanced toolset for leaders, managers, data trustees, auditors, and individuals to review, request, authorize, and revoke privileges for individuals.<\/li>\n- Student Lifecycle Provisioning and Deprovisioning – <\/b>Complete<\/span>
\nStandardizes the processes by which student accounts are created and given access rights and manages how those rights evolve based on student status. This also includes a self-service portal to enable password reset and update of gender identity, pronouns, and preferred name.<\/li>\n- Campus Solutions Integration – <\/b>Complete<\/span>
\nIntegrates our IAM solution with the new Student Information System and addresses authorization of individuals within Campus Solutions for role-based and ad-hoc needs.<\/li>\n<\/ul>\nStakeholders<\/h2>\n
\n- <\/ul>\n
- Strong cybersecurity practices will require everyone\u2019s participation and will benefit everyone as our data will be better protected. The Common Services and Information Security Governance Committee helps to govern the information security program and becomes the voice for everyone in the program, providing input on priorities, organizational change management, and communication efforts.<\/li>\n
- The IAM program will bring particular benefits to non-binary individuals through support for gender fluidity, personal pronouns, and preferred name. The IAM Steering Committee will help guide the introduction of these and other features and includes representation from key identity providers: Enrollment Services, Human Resources, and Alumni Relations.<\/li>\n
- The mission to secure the university\u2019s data both provides input to and takes guidance from IS&T\u2019s Data Governance program on data management policy, roles and responsibilities, and needed controls. Increasingly this work will need to align with the University Privacy Coordinating Committee, particularly as legal regulations on data privacy grow.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"
We will continue to enhance our cybersecurity processes and technologies, in line with best practices and the evolving threat landscape, to protect the confidentiality, availability and integrity of university digital services and information. Scope We will focus on two areas: Adopting tooling and awareness to address perennial issues like phishing and emerging threats like […]<\/p>\n","protected":false},"author":1301,"featured_media":0,"parent":23,"menu_order":6,"comment_status":"closed","ping_status":"closed","template":"","meta":[],"_links":{"self":[{"href":"https:\/\/www.bu.edu\/techplan\/wp-json\/wp\/v2\/pages\/104"}],"collection":[{"href":"https:\/\/www.bu.edu\/techplan\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.bu.edu\/techplan\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/techplan\/wp-json\/wp\/v2\/users\/1301"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/techplan\/wp-json\/wp\/v2\/comments?post=104"}],"version-history":[{"count":51,"href":"https:\/\/www.bu.edu\/techplan\/wp-json\/wp\/v2\/pages\/104\/revisions"}],"predecessor-version":[{"id":435,"href":"https:\/\/www.bu.edu\/techplan\/wp-json\/wp\/v2\/pages\/104\/revisions\/435"}],"up":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/techplan\/wp-json\/wp\/v2\/pages\/23"}],"wp:attachment":[{"href":"https:\/\/www.bu.edu\/techplan\/wp-json\/wp\/v2\/media?parent=104"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- <\/ul>\n
- \n
- Identity and Directory Modernization – <\/b>Complete<\/span>
- Data Center Firewalls, Phase 2 – <\/b>Identified<\/span>