A Summary of Actions
The security engineers at Liberty University work tirelessly to protect the University and its computing users from both internal and external threats.
However, in recent months there has been an increased number of attempts to compromise users' accounts. IT is doing its part to increase security and better protect the Liberty community as a whole. Below we will discuss a high-level view of the following:
- Top Security Threats
- Plan of Action
- Potential Risks/Gaps
- Training & Communication
Top Security Threats
- Compromised Accounts - When user information, such as a username and password, is stolen without the user's knowledge.
- Social Engineering Attacks - Through deception or impersonation, an attacker influences a user to share sensitive information.
Plan of Action
- Acquired a Multi-Factor Authentication System (Purchased and planning to implement this summer) This system will help prevent unauthorized access to network resources. As an added layer of security, users will now be able to verify their identity by entering a verification code sent to them through their mobile devices.
- Encryption on systems (In progress) A program called Sophos will be installed on the computers of staff members with access to sensitive information (projected to be installed on nearly 2,500 computers). It will encrypt, or protect, the data on the hard drive should it be lost or stolen.
- Ransomware Prevention (Part of FY18 budget and will be implemented next year) Ransomware is computer malware that installs into our network without detection and then encrypts data, making it inaccessible unless a ransom is paid. These attacks are increasing in the education sector.
- Payload Security (Approved and will be purchased in July) This service will scan email attachments and files (payloads) that could install malware, which could lead to the unauthorized transfer of data from the user's computer. If malicious content is detected, the message will be blocked and the recipient will be notified.
HIGHLIGHT: ON AVERAGE, 1/3 OF EMAILS COMING IN ARE BLOCKED
Looking at the chart below, you can preview how many email scams never reach Liberty users. Millions of emails come in on a bi-weekly basis and anywhere from 2.5 to over 5 million are blocked.
- Advanced Threat Analytics (Implemented and operational as of 4/2017) Provides advanced notification of potential exploits. This service maps out the online activity of Liberty users and routes and sends notifications of suspicious activity.
For example: If a Liberty user logs in from the U.S., accesses a program and then 5 minutes later logs in from outside the country, that activity would be flagged—notifying the security team that there is a high probability that the user’s log-in information has been compromised.
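The check described in that example can be sketched as follows. This is an added illustration, not code from Liberty's Advanced Threat Analytics service; the log line format, the sample records, and the 60-minute window are assumptions made for the example.

```python
from datetime import datetime, timedelta

# Constructed sample sign-in records (not real data); the line format is assumed.
SAMPLE_LOG = """\
2017-04-03T14:00:00Z user=jdoe country=US app=portal
2017-04-03T14:02:10Z user=asmith country=US app=mail
2017-04-03T14:05:00Z user=jdoe country=BR app=portal
2017-04-03T19:30:00Z user=asmith country=US app=portal
2017-04-04T09:00:00Z user=asmith country=CA app=mail
"""

WINDOW = timedelta(minutes=60)  # assumed threshold; tune to the environment


def parse_line(line):
    """Split one record into (timestamp, dict of key=value fields)."""
    stamp, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    ts = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
    return ts, fields


def find_suspicious_logins(log_text, window=WINDOW):
    """Flag a user who signs in from two different countries within `window`."""
    events = sorted(
        (parse_line(l) for l in log_text.splitlines() if l.strip()),
        key=lambda e: e[0],  # records may arrive out of order
    )
    last_seen = {}  # user -> (timestamp, country) of the previous sign-in
    alerts = []
    for ts, f in events:
        user, country = f["user"], f["country"]
        prev = last_seen.get(user)
        if prev and prev[1] != country and ts - prev[0] <= window:
            alerts.append({
                "user": user,
                "from": prev[1],
                "to": country,
                "minutes_apart": (ts - prev[0]).total_seconds() / 60,
            })
        last_seen[user] = (ts, country)
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_logins(SAMPLE_LOG):
        print(alert)
```

On the sample records only `jdoe` is flagged (US to BR in 5 minutes); `asmith` changes country more than 13 hours after the previous sign-in, which is outside the window.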
- Advanced Threat Protection (Purchased and planning to implement this summer) This system provides the ability to detect, investigate, and respond to advanced attacks and data breaches.
HIGHLIGHT: DURING A 3RD PARTY IT ASSESSMENT THE UNIVERSITY MET 90 OF 94 BEST SECURITY OBJECTIVES
Internal Actions and Restructure:
- Hired a Security Access Control Engineer (Starting May 15th) This high-level engineer will identify and locate all private and highly classified information on the Liberty system and ensure data is protected.
- Created the CSIRT (Cyber Security Incident Response Team) This soon-to-be 7-person team works together to respond to security attacks.
- Created the CSIRT Flow Diagram - A highly detailed incident response process developed by the CSIRT in order to resolve a security threat.
The process includes the following stages:
- Review and Close
Example of the "Identification" stage in the CSIRT Flow Diagram