Data Security Initiative Progress
I. Develop and document systems and practices to protect our data including Governance, Risk Management, Cyber Security, Identity, and Access.
| 2018-2019 | 2019-2020 | 2020-2021 | |
|---|---|---|---|
| Update Administrative Regulation 6006 | Approved by ITAC Spring 2019 |
Adopted Fall 2019 |
II. Implement standards as adopted and developed by the CCC Security Center:
| 2018-2019 | 2019-2020 | 2020-2021 | |
|---|---|---|---|
| Information security policies, regulations, and business processes will be adopted, derived, and aligned with the currently adopted CCC’s Information Security Standard. | |||
| CCC Information Security Standard | Adopted Fall 2018 |
||
| CCC Data Classification Standard | Adopted Fall 2018 |
||
| Best Practice: Procedures for Sharing Files and Folders in OneDrive | Adopted Spring 2019 |
||
| Best Practice: Password Creation | Updated to better align with current standards Spring 2019 |
||
| Procedure: Dealing with PII in Outlook and OneDrive | Adopted Summer 2019 |
||
| Standards: Multi-Factor Authentication | Adopted Fall 2019 |
||
| Procedure: Disposal, Donation, and Transfer of Computer Equipment | Adopted Fall 2019 |
||
| Standard: FERPA Protected Data | Adopted Spring 2020 |
||
| Standard: Screen Saver Timeouts | Adopted Spring 2020 |
||
| Standard: Vendor Risk Management | Adopted Spring 2020 |
||
| Standard: Access Control | Adopted Fall 2020 |
||
| Standard: Working Remotely | Adopted Fall 2020 |
||
| Standard: Disaster Recovery | Adopted Spring 2021 |
||
| Standard: Incident Response | Update existing plan to better align with NIST standards | Adopted Spring 2021 |
|
III. Utilize the tools and services offered by the CCC Security Center, including:
| 2018-2019 | 2019-2020 | 2020-2021 | |
|---|---|---|---|
| Splunk: Correlates real-time data for threat analysis. | Baseline Implemented Fall 2018 |
Phased Rollout Spring 2020 |
Continued Integration Fall 2020/ Spring 2021 |
| Tenable Security Center: Provides real-time vulnerability scanning. | Baseline Implemented Fall 2018 |
Reimplemented Spring 2020 |
|
| Spirion: Provides data loss prevention (scans for SSN, credit card numbers, etc.). | Baseline Implemented Spring 2019 |
Phased Rollout Fall 2019 |
On-hold |
| Vulnerability Assessments. | Annual Assessment Spring 2020 |
Annual Assessment Spring 2021 |
|
| Phishing Assessments. | On Hold Spring 2020/ Fall 2020 |
On-hold Fall 2020/ Spring 2021 |
|
| Penetration Testing. | Annual Assessment Fall 2020 |
Annual Assessment Fall 2021 |
IV. Request funds, purchase and implement various industry-recognized tools and services designed to support the policies and standards adopted above:
| 2018-2019 | 2019-2020 | 2020-2021 | |
|---|---|---|---|
| Microsoft SCCM: Expand the use of applicable security-related features. | Implemented a Local Administrative Password Solution Spring 2019 |
Ongoing | Ongoing |
| Microsoft Outlook and OneDrive: Provide data loss prevention for email and file storage. | Completed Fall 2018 |
||
| Jamf: Automate patching, upgrades, audit security events, and hardening for Apple computers. | Baseline Implementation Summer 2020 |
Continued Integration Fall 2020/ Spring 2021 |
|
| PortalGuard: Provide 2-factor authentication, single sign-on, and self-service password reset. | Self-service Password Completed Spring 2019 |
2-Factor Authentication/ Single Sign-on Completed Fall 2019 |
Additional Features Spring 2021 |
| Research and implement a next-generation antivirus solution (Cylance chosen). | Administrative Network Completed Spring 2019 |
Computer Labs Planned Spring 2021 |
|
| Research the value of a network monitoring service to detect high-level attacks (SecureWorks chosen). | Baseline Implemented Spring 2019 |
Completed Spring 2020 |
|
| Appsian (previously Greyheller) Application Firewall: Provides various security layers for PeopleSoft data. | Planned Fall 2020/ Spring 2021 |
||
| Research the value of endpoint snapshot tools for instant recovery (Microsoft Unified Write Filter chosen). | Completed Summer 2020 |
||
| Research and implement next-generation firewall for intrusion prevention (Palo Alto chosen). | Completed @ PCC Summer 2019 |
Completed @ LAC Summer 2020 |
|
| Research and implement a Password Access Management (PAM) solution to manage administrative accounts. | Research Summer 2019 (Project Deferred Spring 2022) |
||
| Security Awareness Training. | Research New Vendors Summer 2019 |
On-hold Spring 2020/ Fall 2021 |