Stephen F. Austin State University

IT Security

Introduction

The role of IT Security at Stephen F. Austin State University is to ensure the confidentiality, integrity, and availability of university data, information, communications, and services.

To promote secure information technology systems, IT Security also educates users; assesses and identifies new architectural requirements; and consults in the areas of security risk, practice, policy, and technology. IT Security also provides the coordination of security incident investigation and response.

SFA works in cooperation with other state agencies and higher education institutions to secure campus information.

Security Awareness Training

Beginning immediately, the new security awareness training package is available across campus. Employees required to take the training will be notified through the myTraining system. Some employees are automatically required based on their access to information and role within the university detailed in the attached guidelines documentation. For employees not automatically required to take the training, it is the director's or department head's responsibility to determine if the employee has access to confidential or sensitive information and therefore should participate in the training. ITS developed a mechanism for the directors and department heads to mark other employees as needing the training as well as a proxy function so this process can be delegated. Note, the update will occur in an nightly upload to myTraining meaning employees will have next day access to the training.

Security Awareness Training Guidelines

Employee Security Awareness Training

Student Security Awareness Training

For questions, please contact the IT Security office.

Current Events

Texas Cyber Security Framework

During the last quarter of 2014 SFA conducted a comprehensive investigation of the university's current security status. Using the DIR's (Department of Information Resources) Texas Cyber Security Framework as a template, the security staff was able to evaluate key areas of SFA's IT architecture. Overall the campus has a strong security posture, but there is always room for improvement. This framework will assist in this process by giving the university a baseline to measure the health of information security from this point on.

Vulnerability Assessment

The DIR has assessed SFA's network security by conducting a Vulnerability Assessment. This assessment will be performed on a quarterly basis throughout the year. The outcome of these engagements will assist SFA in gauging our security posture based on the results that we receive.

Symantec Endpoint Protection Upgrade

SFA has renewed its license with the anti-virus suite known as Symantec Endpoint Protection Manager (SEPM). This upgrade will give the university an opportunity to revamp the way anti-virus software has been managed thus far. In the past computers were loaded with the Symantec software and they were either managed or unmanaged. With a managed client the computer communicated back to the server. This gave the administrator the capability to view all of the clients that were assigned to their account via a centralized server. With the unmanaged version, the administrator needed to deploy to each station and review the status of the nodes manually. For ease of management we will be deploying only managed units during this upgrade. Note: Exceptions will be addressed on a case by case basis and if approved, the unit will be documented for risk management purposes. (This software has been allotted for computing assets assigned to SFA.)