The Fulton Schools of Engineering have completed ASU’s 2016 IT Risk Assessment. This assessment consisted of a survey which included questions from 5 strategic IT risk categories and testing of departments. Security awareness testing was applied to a random sample of faculty and staff. With a ranking system of 1 – 3, Engineering’s overall rating is 2.3.
To address the University’s high-risk areas of Security Awareness, Security Management, and Continuity of Operations for 2016, Engineering Technical Services, in collaboration with School IT teams, has created Engineering’s 2016 IT Risk Assessment Action Plan. This plan is actively being worked and focuses on ASU’s high-risk areas.
- Complete 100% of annual security and awareness training by Oct. 15th, 2016.
- Engineering Education Campaign – continued awareness, communication, outreach and reminders sent by the Leadership Team, IT Leads and Business Managers to employees who have not completed the training.
- Focus on training for the student worker population, which was identified as a higher risk based on social engineering phishing attempts.
- Add IT Security Training and Awareness Program to all Engineering employee and student worker On-Boarding Programs and Hiring Checklist.
- Increase physical security training – identified as a point of vulnerability and high risk.
- Each unit should require faculty and staff to ask simple questions to verify employment when asked to provide physical access to a department’s computers.
- Deploy regular phishing attempts to sensitize employees.
- Review UTO phishing results from tested Engineering departments for process refinement and further training/education.
- Continue successful roll-out of encryption for all end-point devices that connect to ASU’s network, not just laptops, using SCCM and CASPER.
- Engineering is actively working on the Deploy Encryption Project, with focus initially on workstations and laptops. The second phase of the project specific to smart phones and tablets has been added.
- IT Director is overseeing the project centrally for compliance within Engineering. IT leads are managing the projects within their units. Schools are documenting systems that can’t be encrypted and working on system replacement plans.
- ETS implemented SCCM, MBAM and CASPER for all Engineering schools and units to facilitate automation, management and encryption compliance reporting. ETS is actively working with IT Leads and local teams to adopt and roll-out these technologies, with a goal of 100% adoption.
- As of Aug 10th, all Engineering Schools, EDO/ASA, ETS, and ETSlabs are in Full SCCM mode.
- Use an enterprise access tracking tool to track, monitor, manage and secure department computing assets.
- Engineering implemented Cireson as the Central Asset Management tool for roughly 6000 Engineering assets. This tool is integrated with SCCM and allows for central discovery of assets. This fall it will be rolled out within all schools and units, with current inventory imported from existing disparate systems.
Continuity of Operations Plans (COOPs)
ETS is leading the Engineering COOP project. This project started in 2015. New team lead Rick Willis will take over the project this fall. Key stakeholders and key contacts for each school and unit have been identified. The outcome is to have a plan developed for each school and business unit, completed by the 2017/2018 fiscal year.
- An approved framework has been built for all schools and units to use.
- Critical Function categories identified based on Levels of Criticality
- Critical 1 (must continue) Instruction, IT, Safety
- Critical 2 (must continue-reduced) Business Services, HR, Facilities, IT, Safety
- Critical 3 (paused, resume in 30 days) Advising, Student Support, Business Services, Facilities, Faculty Research, IT, HR, Safety, Special Events
- Critical 4 (Deferrable) Facilities, IT, Special Events
- BHSE and ETS plans are in ASUReady
- Incident Response testing plan will be created and exercised for BHSE and ETS during the next six months.
- Start project with CIDSE in Fall 2016. Determine timelines for the remaining schools (SEMTE, ECEE, TPS, SEBE, EDO, GOEE) and units.
- ETS is participating in ASU’s Business Continuity Planning advisory group to identify institutional common business functions and discuss how they interact with all areas within the university. Engineering is being used as a model for academic units.