November 12, 2019
Understanding and adhering to regulatory controls for privacy and compliance as standards become more stringent will be a key activity. The Information Security and Policy Office (ISPO) will pursue opportunities for automating and orchestrating defenses that can help speed up response times as cybersecurity attacks increase, including expansion of the log-monitoring system. Efforts are underway to explore and implement additional methods for protecting university and personal devices, including “Internet of Things” devices. Great strides have been made in increasing email security, and that will continue to expand as ISPO explores an email security solution that has been deferred for a couple years. Network architecture will be appropriately segmented to protect campus data and systems, and ISPO is exploring a web-application firewall for critical systems. To assess enterprise risk, ISPO will continue developing threat intelligence for cybersecurity challenges impacting higher education, and will work on supply chain risk-management—avoiding attacks against IT vendors that impact the UI. To promote a security-aware community, ISPO looks to expand tailored, role-based security training.