Engineering 2019 IT Computing Controls Audit
The Ira A. Fulton Schools of Engineering (FSE) have completed ASU’s 2019 IT Computing Controls Audit. This assessment consisted of a survey which included questions from multiple strategic IT risk categories and testing of departments.
To address the identified high-risk areas of Security Awareness, Security Management, and Continuity of Operations for 2019, Engineering Technical Services (ETS), in collaboration with School IT teams, expanded all computing controls related to the audit’s information security findings and beyond.
- Security Exceptions for Computers
- In the event there is a computer that is not a candidate for the security toolsets outlined below (e.g., a research-based system), please contact your unit’s IT team for a Security Exception. Your IT team will evaluate the request and may design a customized security approach that encompasses the request and adheres to University policy.
- FSE Security Reviews
- In compliance with ASU and GPIS security standards, ETS designed a streamlined, customized security review process to serve FSE better.
- With an embedded IT support model, FSE units are responsible for generating an FSE Security Review for technology purchases (hardware and software); ETS is available to assist throughout the process.
- For non-ETS units, only IT Leads and their appointed secondary staff may submit FSE Security Reviews.
- Continue successful roll-out and development of security toolsets to all end-point devices that connect to ASU’s network.
- Centralized framework leveraged by Enterprise technologies
- Engineering is actively working on the Deploy Encryption Project, with the focus initially on workstations and laptops. The second phase of the project is specific to smartphones and tablets.
- The IT Director is overseeing the project centrally for compliance within Engineering. IT Leads are managing the projects within their units.
- ETS continues to strengthen its implementation of SCCM, Jamf Pro, and Ansible for all Engineering schools and units to facilitate automation, management, and compliance reporting across all three major operating systems: Windows, Macintosh, and Linux. ETS is actively working with IT Leads and local teams to adopt and roll out these technologies.
- Use an enterprise access tracking tool to track, monitor, manage, and secure department computing assets
- Engineering implemented Cireson as the Central Asset Management tool for Engineering assets. This tool is integrated with SCCM and allows for the central discovery of assets.
- Publicized deployment of ultramodern security toolsets
- Engineering computers use disk-level encryption, CrowdStrike antimalware, and Spirion data security software.
- Engineering-authorized Windows, macOS, Red Hat, and Ubuntu Linux operating systems are continually patched, secured, and maintained.
- Annual security and awareness training
- Engineering Education Campaign: continued awareness, communication, outreach, and reminders sent by the Leadership Team, IT Leads, and Business Managers to employees who have not completed the training.
- Continued focus on duty-specific IT security awareness training for students, faculty, and staff.
- Continue to modernize Engineering’s employee and student worker On-Boarding Programs and Hiring Checklist with supplemental IT security awareness materials.
- Increase physical security training
- Units require faculty and staff to verify employment when asked for physical access to departmental computers.