Category Archives: Security

IT Governance – October 2017

IT GovernancePresentation – Dr. Mike Berman, Chief Innovation Officer, CSU Office of the Chancellor.

The IT Governance Executive Committee was introduced to the new Chief Innovation Officer at the Chancellor’s Office, Dr. Michael Berman. The areas of focus for the Innovation Office at the CO are:

  1. Student Systems – Currently there is a nationwide trend on how to make systems more agile through PeopleSoft. Mike hopes to launch a product in about 6 months to start trying a new interface.
  2. Cloud Computing – Costs are going down, there are financial changes, staffing changes and demand changes. We now have better systems and spend less money.
  3. Virtual and Augmented Reality – A summit will take place next week which will have CSUSB’s Mihaela Popescu presenting. It will showcase what campuses in the CSU are doing with this technology.
  4. Collaboration at a Distance – Zoom and other tools are used for collaboration at a distance.

College Scheduler Presentation – Amy Braceros

A brief demonstration of the step-by-step process was shown for the College Scheduler program.

Policy Review

The following policies were brought to the committee for validation and to review proposed changes.

  • Acceptable Use Policy for Electronic Communications – The Committee validated the policy with some housekeeping changes.
  • Printing Policy – The Committee validated the policy with some housekeeping changes.
  • Mobile Device Policy – The policy was presented with proposed minor changes. The Executive Committee voted to move forward with taking the policy to the Administrative Council.
  • Campus Email Structure and Communication Policy – The proposed changes were discussed and a few minor changes will be made before moving to Administrative Council in November

All four policies will be taken to the Administrative Council Meeting on November 1st.

Grand Opening

17-09-27-CSUSB-- (L to R) Brian Haynes, Vice President, Student Affairs, California State University, San Bernardino, Gerard Au, AVP, Operations & Customer Support, ITS - Technology Support Center (TSC), CSUSB, XXXX, XXXX, Connor Dickson, Vice President of Finance, Associated Students, Inc. (ASI), CSUSB, Prince Ogidikpe, Vice President, Associated Students, Inc. (ASI), CSUSB, Samuel Sudhakar, Vice President, Information Technology Services, California State University, San Bernardino, Tomás D. Morales, President, California State University, San Bernardino, and Jim Olinger, Director of Enterprise Applications & Tech Support, ITS - Technology Support Center (TSC), CSUSB -- The 24/7 Study Space "The Cave" Grand Opening and Ribbon Cutting Ceremony in the Wedge of the John M. Pfau Library (PL) at California State University, San Bernardino on Wednesday, Sep 27, 2017. Photo by Corinne McCurdy/CSUSB

On September 27, 2017, the grand opening of the new 24/7 Study Area took place. The “Cave” is a result of the efforts of the ITS Division and the ASI Leadership Team. This new space will provide students with a comfortable and safe place to study – no matter what the hour.

The CAVE | The only 24/7 study space on campus!

Location:  First floor of the Wedge (Pfau Library Addition)
Hours:  24 hours a day, 7 days a week

Resources available:

  • Over 50 seats and collaboration station
  • 70 Windows workstations
  • 12 Macintosh stations
  • Wireless charging spots and charging lockers
  • Printing
  • Seattle’s Best Coffee & Tea machine, snack machines & water hydration station
  • In-person technical support from 6:00am – midnight, Mon – Fri and 7:00am – 7:00pm, Sat – Sun

Note:  Coyote OneCard is needed to access The CAVE between midnight – 6am (Mon-Fri) and 7am – 7pm (Sat-Sun).

 

IT-Governance: March 2017

IT LeadershipBlackboard inactive course duration on production server recommendation

As the result of Blackboard becoming more and more impacted by large amounts of data being stored, the need to keep the system agile and efficient was under discussion. After meeting with the ATDL committee, ITS has decided to recommend that only courses from the previous two complete academic years would be retained from the Blackboard production environment. Details of the recommendation were discussed within the Executive Committee in regards to the length of time the archives would be maintained as well as the process to be established to help faculty request archives. In conclusion, the recommendation was approved by unanimous decision, following a clear protocol for faculty to request archives.

Campus wide Phishing exercise and training update

In continuation from last month’s discussion, the CSUSB phishing exercise recommendation was once again brought up for discussion. The Institutional Review Board (IRB) reviewed the program and found it didn’t need approval as it was Not Human Subjects Research (NHSR). In response to the delivery of the program to users, the Executive Committee approved of the exercise. However, this approval was met in compliance of informing the various leadership committees throughout CSUSB about the program. The Phishing exercise is due to move forward with a pilot program of 100 faculty and staff across campus to share their results with the Executive Committee, eventually leading to proceed with the entire campus.

How’s Your Cyber Hygiene?|Keep Private Information Private

Brought to you by The Cyber Security Club.

keep-private-information-privateWhen it comes to online privacy most students, especially millennials, are oblivious to the settings of their accounts, passwords, and apps that require location set ups. They are less mindful of the posts they put up and how it can affect them afterwards. Even if there are no specifics to the time just the name of the event and location can suffice or even photos of tickets of the event is dangerous in itself.

Be mindful of what you post online and the settings on your social media and apps. The friends one has on the social media is also important to be careful with. It is important to know who you add and are inviting to see your information because remember all information on social media is public. According Andra Zaharia, a Security Specialist at Heimdal Security, close to 600,000 Facebook accounts are compromised each day.

 

ITS Information Security and Emerging Technologies

its_blog-posts-01The Information Security and Emerging Technologies department does much to protect campus users from online threats. It is here where the IS&ET oversees our network’s traffic, secures all login credentials, instills internal policies, and provides continued education with online safety.

In recognition of National Cyber Security Awareness Month, the IS&ET alongside the Information Security Club and Coyote Advertising have created the “How’s Your Cyber Hygiene?” campaign to spread awareness to the entire campus of the many threats online. By utilizing social media along with various screens throughout campus, the campaign has brought with it a means to provide people with the basics in cyber security protection. Some of these examples include insight in Email threats, Privacy protection, and secure links and pathways (see example below).

By training those within the ITS department, exercises and scenarios have been set to prepare staff in facing online threats. Such examples are seen with false emails in disguise as phishing attempts, showing staff firsthand the attempts hackers make to tap into one’s privacy. Eventually, such measures will be taken beyond the ITS department and staff, giving everyone a first-hand taste of what it is like to be exposed to a phishing attack. Although done with no intent on harm, these exercises will lead people to a safe location which will inform them of what just occurred.

Alongside the cyber awareness campaign and the continued education, the IS&ET department has provided a link to common practices one should be aware of with internet used. Further insight and examples can be found on http://iso.csusb.edu/practices.

For more information, visit http://iso.csusb.edu/ or contact:

Information Security & Emerging Technologies
California State University, San Bernardino
John M. Pfau Library Room 2006 (PL-2006)
5500 University Parkway
San Bernardino, CA 92407
(909) 537-7262

How’s Your Cyber Hygiene?|Think Before You Click

Brought to you by The Information Security Club.

Pop up ads, redirections, andthink-before-you-click fake websites are just a few of the detours taken when coming across false and misleading links. Spoofed websites and emails try to fool you into clicking bad links. Stop. Think. When on a search engine, take caution as to where your results lead you. Questionable domain names and extensions are key indicators that can save you from unsecure sites and prying eyes.

Be especially cautious when following links within your social media accounts. Online quizzes, articles, and contest entries can lie as hidden traps to lure people into dangerous sites. Ever important are the now condensed or “tiny” URLs which are responsible for leading people astray. Millennials (ages 18 – 33) are the most likely age group to fall victim to cyber crime! Remain vigilant and on the lookout for suspicious site extensions such as .tv, .co, .biz, and more.

How’s Your Cyber Hygiene?|Be Cautious With Email

Brought to you by The Information Security Club.

be-cuatious-with-emailOn regular basis we are constantly getting emails either from school, work, subscriptions, and more, but keep in mind of who we give our emails to and which emails we decide to open. If there is an email you are suspicious of or do not know who sent it to you the safe bet would be to not open it. Emails can have subject headings that are appealing to us such as “You’re a Winner!” but it is usually those emails that have malware which attack our computers. The same goes for emails sent to us with attachments. In reality we should all be cautious when we download and attach files ourselves, this also includes being aware of who is sending us these files.

The FBI states to never open or download attachments from people we do not know and to be careful with attachments that people we do know send since they can carry advanced malicious code. Emails are more susceptible to having viruses that can easily take over your computer and information without proper caution.

ProofPoint | CSUSB’s Email Protection System

The ITS Team will be upgrading CSUSB’s email protection and spam management system.

We will be migrating from the current Barracuda system to a new cloud based email management solution provided by ProofPoint.

The ProofPoint solution will feature the following functionalities:

·         Provide additional end-user control to manage their spam settings (whitelist/blacklist).

·         Enhance spam detection.

·         Blocking of malware in emails before they hit your inbox.

·         Prevent sophisticated email “phishing” attacks.

The ITS Team is in the process of configuring and testing the new solution and the system is expected to be placed in production by March 31, 2016. Please note that the transition to the new email management solution will not interrupt or affect the delivery of incoming and outgoing email for campus users.

Training and support on the use of the new ProofPoint email management solution will be provided by the Technology Support Center. Additional information and training dates will be available in the upcoming weeks.

To learn more about ProofPoint Office 365 protection please visit: https://www.proofpoint.com/sites/default/files/proofpoint_o365_hd_web.mp4

Identity Finder

Identity Finder – Scanner for PII – Personal Identifiable Information

Links to CSUEU and CFA Points of agreement

Cybercrime, specifically, data breaches, are on the rise exposing Personal Identifiable Information (PII) which can be used to facilitate identity theft. PII is classified by the CSU and CSUSB as Level 1 data that is linked to an individual person’s identity, such as Social Security Numbers, driver license data, and credit card or bank account information. Many of us may unknowingly be placing the university at risk by having sensitive data on our workstations; locating sensitive data, hidden in documents long forgotten, is not easy.

The California State University, in agreement with affected bargaining units, recognized the importance of protecting PII under our care and, as part of the system wide efforts to minimize the risk for the inadvertent disclosure of PII, the CSU is providing Identity Finder Data Loss Prevention software to help locate sensitive data that may be buried in campus computers.

As part of the CSU implementation, each campus will provide a period of 30-days to all employees to install Identity Finder and to scan their workstations and files to identify, secure or dispose as necessary of any personal identifiable information stored in their computers.

Identity Finder is simple to download and install. Instructions, additional awareness documentation and the CSU agreements can be found in the PersonalInformationFinder topic of the campus Wiki site at https://wiki.csusb.edu/bin/view/Standards/InfoSec/PersonalInformationFinder .

For the next 30 days, the campus community is encouraged to download and install Identity Finder and search and clean-up unsecured PII in their workstations. After the initial 30 days, periodic scan using Identity Finder will be conducted by the Information Security and Emerging Technologies Department on campus workstations per the CSU agreements.

If you should need assistance for installing the software on your computer, please contact your designated IT staff or the Technology Support Center (TSC) at x77677.

If you encounter any issues with Identity Finder, need assistance to secure or dispose of sensitive information or have questions regarding campus information security policies and standards, please contact the Information Security and Emerging Technologies Department at x77262.

Screenshot of Indentity Finder search progress