Taking steps to build a cyber-resilient university
Computer and information security does not happen in a vacuum. Building cyber-resilient organizations requires a holistic approach including assurances in systems, operational areas, and people.
Illinois State has taken a major step towards becoming a more cyber-resilient university with the development of the Enterprise Security Domain Team (ESDT). This cross-campus team is comprised of IT staff from across the campus community and one instructor to begin to address the ever increasing security needs faced by our University. The mission is to identify cyber security issues and opportunities for campus-wide improvements.
The team, comprised of 25 members from the academic, student affairs, and administrative areas of the University, work in specific sub-teams organized by security themes to identify issues facing all campus stakeholders while also determining possible solutions to improve the University’s overall cyber security posture. The sub-teams draw members from stakeholders across campus, including members of the ESDT, to capitalize on the vast knowledge and perspectives of the entire campus community.
The ESDT initially identified seven priority areas to address:
- The first is the need for an enterprise wide on-boarding and off-boarding processes for the campus. Currently, each department follows its own procedures for this area which can lead to confusion and mismatched user access.
- The second team is focusing on encryption options. This sub-team’s focus is on determining solution options for the encryption of data both in-transit (between ISU and other entities) and at rest (stored on ISU and hosted servers).
- Third is the identification of the need for mobile device management. As the world becomes more “mobile” in relation to information access, mobile device management solutions become increasingly necessary and complex. This sub-team is working on procedures and options for the management of mobile devices and how those devices will interact with campus data.
- The fourth sub-team is focusing on PII, or personally identifiable information, scanning processes and procedures. PIIs are prevalent on University campuses. As a result, the University has both a legal and ethical requirement to identify and protect that data.
- The fifth sub-team is focusing on security options to address the transition to Office 365.
- The sixth sub-team will focus on integrating FormStack, a robust platform used for data collection, into the workflows and approval processes across campus to improve the security around the information collection process.
- The final initial sub-team is focusing on creating awareness and educational offerings to help all campus stakeholders increase their knowledge about cyber security and inform all users at protecting themselves and University from misuse or cyber compromise.
While the sub-teams are project focused, the ESDT is a standing team that will continue to address cyber related issues the campus faces. As projects are completed, and new projects are addressed, the ESDT will continue to mature alongside the overall cyber-resilient posture of the University. For more information, please contact the Information Security Office.