Academic Senate prepares for computer security updates
A policy is in its final stages to safeguard university-affiliated emails and computers in light of the increase in phishing reports and other breach-related incidents.
Mark Herron, chief information security officer, gave a presentation on the Secure Computing Configurations Policy at the Academic Senate meeting Oct. 10.
The policy consists of several security strategies that are in strict compliance with university standards. Alterations will be made to the network and technical systems, workstations and digital logins.
“It’s an important policy because it affects a lot of people in a way that a lot of our technical policies do not,” Herron said. “Normally we would implement these on backhand systems, but for a lot of us it affects the workstation that is being used a lot on a day-to-day basis.”
One of the changes will be an annual password expiration for university logins, with a notice appearing 30 days prior.
A Global ID policy is also in draft to change administrative access to a default “User” status. Every Global ID will be restricted to a position of “Least Privilege,” which refers to a common profile without special interests or access rights associated with an account.
The strategy will limit malware and ransomware from running without a specific purpose.
Exceptions will be available in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which is legislation made to secure medical information.
Accommodations could include using Global ID in non-standard situations such as installing drivers or using advanced scientific devices.
The policy is also being made flexible for lab use in the outdated facilities on campus, Herron said.
“Older software needs to run as an administrator,” Herron said, explaining that a built-in flexibility is emphasized in the draft.
Network updates also consist of a new firewall along with accessible security tools. Herron said the firewall aims to have a one-size-fits-all compatibility for the various departments, colleges and facilities offered by CMU.
“Why would you buy different types of software and antivirus software when you can buy one and get a discount?” he said, adding that the new firewall will reduce spending and make security methods identical across campus.
The new firewall will be implemented by the December holidays.
Other security strategies that will be put in place include stricter monitoring of accounts and locations and an automatic lock system for computers left unattended.
Herron said it’s important for students, faculty and staff to bring devices to computer services at the university when they can no longer be used. Computer services will triple-clear device memory to make sure no data can be received by new owners.
He said the biggest concern is phishing, an illegal method for obtaining usernames, passwords and credit card details through online disguises.
“Phishing is increasing everywhere, and it really comes in rounds,” Herron said.