New Information Security Awareness Training Coming
Under Armour. Facebook. Panera Bread. These are just a few of the major brands that had data security breaches in 2018. At the University of Arizona, we take the responsibility of protecting our people and systems very seriously. The UA has personal and financial information for tens of thousands of people in our campus community, plus high-level research and intellectual property. It is important that we respond quickly when we see unexpected cyberthreats.
October is National Cybersecurity Awareness Month. It's an opportunity to raise the visibility and dialogue around cybersecurity and safe computing online, and encourage attentiveness and protection by computer users.
But cybersecurity awareness means much more to us here at the University of Arizona. It is a major priority for University Information Technology Services and UA Information Security, as well as leadership at the departmental, college and campus levels. We are continuing to make great progress on our information security program on multiple levels.
Implementing NetID+ for faculty and staff this past spring, and for all students earlier this month, is a major step toward making our institution more secure and protecting your data. The University of Arizona is among a few higher education institutions in the country that have achieved widespread campus adoption of two-factor authentication.
Most UA faculty, staff and students were able to self-enroll. College and departmental information technology staff provided valuable support in their areas for those who had questions. The 24/7 IT Support Center helped more 2,700 campus affiliates with NetID+ enrollment, including around 1,600 students. In addition to the 24/7 Support Center's normal hours of operation, an express location was set up in the Student Union Memorial Center to assist students with NetID+ enrollment.
I am very proud of the University's leadership in adopting two-factor authentication and thank all of you for your support in making this happen.
Mobilizing Campus IT
The institution has made great progress on developing a robust information security model. It includes 10 new programs, addressing many of the IT Security Performance Audit findings released earlier this year by the state Office of the Auditor General.
The UA Information Security office has laid a strong foundation by drafting new polices and developing new infrastructure. This will support campus units as they strengthen their operational maturity when it comes to information security.
Two hundred people have joined one of the UA's information security special interest groups and have helped to modernize the UA's information security policy.
We are actively working with IT units on campus to develop risk assessments for their colleges and departments, with the goal of making this an annual process.
The next steps are risk inventories and assessments, starting this fall with pilots in several units. In addition, new tools are being put in place to monitor the performance of our data systems against potential vulnerabilities.
On the Horizon
UA Information Security will be launching a new and improved information security awareness training program for all faculty, staff and student employees. Annual training already is required for employees. However, new efforts are being put in place to monitor completion.
The new training will take approximately 40 minutes to complete and will cover important areas such as phishing, secure data storage, and the European Union General Data Protection Regulation, known as the GDPR. Once you complete the full-length version of the training, your training in future years will be significantly shorter. Be on the lookout for more information in early December on how to access the new training and the completion requirements.
October may be the month when cybersecurity is most visible, but it's a priority for the University year-round. We appreciate your efforts to stay secure!
Barry Brummund is the UA's chief information officer.