Note from Interim Dean Vanden bout:
We are creating a new security group within CNS IT with the charge of overseeing the College's response to security incidents and events that have the potential to negatively impact the faculty, students and staff in CNS. The purpose of this group is to be proactive in protecting us from the disruption of downtime, and the potential financial loss associated with computer crime. One of the first projects will be to install a “vulnerability management” tool known as Nessus on all university-owned computers. To cut down on the number of quarantined systems and prepare for the network centralization efforts, we will continue to move most devices to a more secure network. Matt Davidson is leading this group and is reporting directly to Mark McFarland for issues pertaining to computer and information security. Additional communication will follow via the college's newsletter. Please see this link for additional information and how it will impact you: https://cns.utexas.edu/information-technology/it-security
-- David Vanden Bout, Interim Dean, Collge of Natural Sciences
Charge:
- Identify security vulnerabilities and develop plans and solutions for remediating those vulnerabilities.
- Develop progress reports as we move forward.
- Work directly with faculty and the ISO to ensure that the needs of CNS are adequately addressed.
- Work directly with staff in CNS IT, departments, research centers, labs, and any unit whose unique needs require specialized support to ensure that all networked systems comply with UT System, federal, state, and local security policies.
- Supplement the ISO's training program: https://security.utexas.edu/education-outreach for new and existing faculty, staff, and students.
- Be completely transparent with the college's faculty and staff.
Methods of implementing charge:
- Protect CNS from the world: Continue to move the majority of devices from a world accessible network to a campus only network by implementing the changes defined by the network and telecommunications leadership committee: https://itlc.utexas.edu/networking
- Protect the college's computers from others: Implement endpoint management for all university-owned Windows (SCCM), Mac (Jamf), and Linux (Puppet) computers in order to comply with the policies defined by the endpoint management group: https://itlc.utexas.edu/committees/endpoint-management.
- Protect users: Implement a communication plan and training program. Please see here for past communications: Security Communications
- Protect research and student data: Ensure systems are secure and in compliance with https://security.utexas.edu/policies/irusp
- Vulnerability Scanning: Install the Nessus tool which will scan and report system information including vulnerabilities to the central information security office, this does NOT send any user data other than who the user is.
- Antivirus software: The University currently uses Cisco AMP for university-owned machines. Please see this recommendation for personal machines.
- Backup: While we recommend folks to use cloud storage such as UT Box so data is automatically backed up and version control is in place, we also strongly recommend backing local data using UT Backup. All computers deployed by CNS are configured with UT Backup.
- Maintain device and risk inventory: Via the state-required ISORA survey https://security.utexas.edu/risk/isora
- Define policies: CNS is unique to the university in many ways and requires a supplement set of policies specific to a complex research organization. We will have additional policies that will supplement the ISO's policies. On that same thread, we will also create an exception process for business cases.