15,000+ - Individuals now using Duo Security two-factor authentication at CWRU.
63,681 - Email viruses deleted daily by the CWRU spam and virus filtering system.
Above the “Risk” Curve
Initiative V focuses on information security at CWRU. To provide secure technology and protect the university’s information, research and data, UTech manages risk and implements comprehensive policies, controls and practices. These highlights demonstrate UTech’s commitment to delivering on this important initiative:
- UTech developed additional dashboards in the Security Incident Event Management (SIEM) program to enhance security monitoring and response.
- UTech updated and refined the Incident Response Plan to account for new workflow of the Security Fusion Center and the Cyber Attack Response Team (CART).
- UTech completed a risk assessment of the IT operations for the allied health schools, in accordance with our risk management strategy, to identify security risk throughout the campus IT community.
- UTech upgraded the Identity Finder data loss prevention system to its newest version, now called Spirion.
- UTech’s Identity and Access Management Committee approved a broad new policy for sponsorship of temporary and non-CWRU employees accounts, reducing risk to CWRU.
- The new Security Fusion Center has been established by UTech. The Center’s mission is to continuously monitor and improve CWRU’s security posture while preventing, detecting, analyzing and responding to cyber security incidents with the aid of both technology and clear processes and procedures.
Success Stories
October is National Cyber Security Awareness Month. Data breaches, malware and viruses were very much in the news in the time leading up to October 2017. UTech leveraged the aware atmosphere to deliver four information-packed weeks to the university in a variety of media, from newsletters and emails to posters and digital ads.
Week 1: Learn about Social Engineering/Phishing Attacks
Week 2: Enhance Your Mobile Device Security
Week 3: Performing a Personal Security Audit
Week 4: DuoSecurity Two-Factor Authentication
In its continuing mission to bolster the state of CWRU cyber security, UTech has started to deploy the password utility Last Pass. This tool enhances security and combats common password issues such as reusing one over multiple sites, helping users apply solidly complex passwords. One master password or passphrase set by the user grants access to a LastPass account, which in turn remembers (or generates) the passwords for any sites kept in its “vault” for each user, to enable easy and secure log-ins. LastPass combines with Duo Security two-factor authentication to protect access to the password vault.
UTech achieved a major milestone by adding the use of two-factor authentication to two PeopleSoft systems, Human Capital Management and Financials along with previously implemented VPN. Duo offers extra protection in the form of adding another ID verification to users’ network credentials keeping CWRU accounts, data and systems more secure. Nearly half a year’s worth of communications prepped and primed the community, starting with Cyber Security Month in October 2017. By the go-live date in early February, thousands of users had been successfully set up to access Duo Security.
CWRU, UTech and Cleveland Clinic Foundation have been leading sponsors to the Northeast Ohio Cyber Consortium, a cross-industry cyber defense threat sharing group. CWRU has hosted two meetings for the regional group, and is actively developing relationships with information security professionals across the region with the goal of strengthening the resilience of corporations in the Cleveland-Akron area to respond to cyber-attacks.