UD Seal
IT Activity ReportMay 2016
May 2016 Activity Report | Information Technologies

Secure UD Initiative

In January 2014, UD Information Technologies (IT) launched the Secure UD initiative as a way to heighten the University community's awareness and understanding of computing and information security topics. Since then, the Secure UD initiative has expanded to include several programs and technologies, all of which help raise the University community's awareness of the need to keep personal and University information safe. UD IT has coordinated the improvement of the University's information security posture by working with departmental and college IT staff, directly with employees and students, and with selected third-party vendors.

Activity reports over the past three years have mentioned many of IT's security improvements—even before IT launched the Secure UD initiative. The information below summarizes the progress made in several initiatives since our last activity report and highlights some upcoming improvements.

Secure UD information security awareness training

Since the spring of 2014, IT has been offering Secure UD training—a modular online program that is now the University's primary information security awareness tool. Through education about key security topics, this program empowers faculty and staff to make security-conscious decisions to protect themselves, their work, the community, and the University as a whole.

This year, Secure UD training is being released in phases (one each in January, April, and September) to help reinforce security topics throughout the year. Employees will be able complete the training in three short work sessions rather than in one long session. The completion rate for the first phase of 2016 Secure UD awareness training exceeded that for the entire 2015 training program by 24%. Even though phase two has only been available for a month, its completion rate is 3% higher than that for the 2015 training. IT has received positive feedback about the new phased approach and the updates our vendor (SANS Institute) has made to the training modules.

Have you completed your Secure UD training yet?

Secure UD Threat Alerts

IT also maintains the Secure UD Threat Alerts blog, which provides bulletins about information security threats seen on campus, including phishing scams targeting the University community.

Secure UD Student Agreement

Since 1995, when new students create their email accounts, they have completed a brief course on cyber citizenship and responsible computing. Known as the Electronic Community Citizenship Examination (ECCE), this course was designed to ensure that all incoming students have a basic understanding of their computing responsibilities at the University.

In keeping with its ongoing mission to improve computer and information security awareness across the campus community, IT has retired the ECCE and is preparing to release the Secure UD Student Agreement. This improved, student-oriented responsible computing tutorial will reinforce key security topics and safe computing habits for all new students. Its content reflects the new direction of the University's policies and best practices for academic, professional, and personal computing.

IT will send email to students who created their UDelNet accounts after ECCE was retired. These students will be required to complete the Secure UD Student Agreement when it becomes available.

Desktop Security Training

IT hosted a half-day Desktop Security Symposium on April 27. Jason Cash, interim vice president for IT, began the event with a keynote for the nearly one hundred IT professionals in attendance. Sessions focused on the information security policies being developed as part of the Secure UD initiative and on how best to secure data, shield clients' desktops from attack, and increase overall security without hindering workflow.

A series of follow-up sessions are being planned based on feedback from a questionnaire distributed after the event. The series will start with LAPS (Local Administrator Password Solution), an Active Directory based utility that randomizes and stores local administrators' passwords. Other topics will include AppLocker and Bitlocker deployment, an open discussion of the information security policies currently being formulated, and a unified approach to managing security on Mac OSX-based machines.

Security Updates

Included in the Secure UD initiative are several security updates that improve the way members of the University community access their online accounts and UD services.

Beginning in November 2016, the University will also begin requiring that passwords be changed every 15 months.

These updates to UD's password requirements will make employee and student accounts more secure against hackers.

Secure UD branding

Moving forward, IT will use the Secure UD logo to increase the visibility of the Secure UD initiative and to make sure that security messages and offerings are delivered consistently. By increasing engagement with the University community, IT will ensure that University community members receive the tools and support they need to protect themselves, each other, and the University.