Information Security Update for April 2024
Greetings MLC campus! This is the first of many Information Security Updates to come as we begin the rollout of our revamped information security program here on campus including updated policies and the development of many procedures, guidelines, lists, etc. in the months and years to come. To kick things off, here is a “quick” 10-minute video outlining five important items as we start down this path:
As outlined above, here are the five items to keep in mind as we get started:
Finding Information
All information now is going to be a WORK IN PROGRESS as we look to continue to refine so many aspects of our information security program. However, you can visit KnightHelp’s Information Security section to find the most up-to-date information. This will include links to the current policies, procedures, guidelines, and future lists of approved software and services. Again, this area is going to be under development, so it should be considered a WORK IN PROGRESS for a long time.
As sections are built out, more information will be relayed to the campus both on what it contains and how to use it.
Centralizing Technology Purchasing and Vendor Assessments
While we do a lot of purchasing in IT Services, even more will need to be centralized so that we can both keep accurate lists of what is being used on campus, and by whom, and we can keep a hold of information security assessments of vendors we are sharing non-public data with. We are hoping to use the HECVAT in the future for any assessments, but will wait to assess current vendors until their contract is due.
If you have any questions about how this will work, please reach out to me, Bob Martens.
Encourage Participation
There is a variety of different pieces of information security awareness being handled across campus at the moment, but we are going to be revamping that awareness over time. While phishing tests will continue for faculty and staff, it is highly likely that other information security awareness topics will be handled differently in the future. Details are scant at the moment, but more will come in the future. Also, the new policies will be replacing the technology policies needing to be acknowledged each year. This request may happen sooner, so stay tuned for more information.
Care When Requesting Data Access
In order to help become a more data-aware campus, new safeguards are going to be put in place to help us take better care of the data we have been entrusted with. This will include new procedures for requesting ongoing access to data along with guidelines around the use of different classes of data. Details will need to be ironed out before we can share more, but we are hoping to strike the right balance between a free-for-all and Fort Knox.
Enhanced Authentication Security
First, do not share your passwords with anyone else. Second, look at using a trusted password manager to help you manage the sheer number of different log in combinations you use each day. That will be one area of the approved software lists written about above.
However, the biggest change is that we are actively testing Multi Factor Authentication (MFA) to be rolled out to all MLC Accounts in the near future. This additional layer of security will be used to help keep your data safe, along with any data you may have access to. MFA will be embedded into the authentication methods used by our most popular web services including Portal, Moodle, and others.
Closing
You’ve made it this far! Thanks for reading. This is the start of a journey, but a good one. From here we hope to have more consistent communication with the campus around information security topics along with continuing to improve our policies, procedures, guidelines, and systems over time. If you have any questions, comments, or concerns at any time, please feel free to visit me, Bob Martens, in IT Services on campus or email me whatever you might have.
Have a blessed rest of the semester!