The role of IT Security at Stephen F. Austin State University is to ensure the confidentiality, integrity, and availability of university data, information, communications, and services.
To promote secure information technology systems, IT Security also educates users; assesses and identifies new architectural requirements; and consults in the areas of security risk, practice, policy, and technology. IT Security also provides the coordination of security incident investigation and response.
SFA works in cooperation with other state agencies and higher education institutions to secure campus information.
-Texas Cyber Security Framework
During the last quarter of 2014 SFA conducted a comprehensive investigation of the university's current security status. Using the DIR's (Department of Information Resources) Texas Cyber Security Framework as a template, the security staff was able to evaluate key areas of SFA's IT architecture. Overall the campus has a strong security posture, but there is always room for improvement. This framework will assist in this process by giving the university a baseline to measure the health of information security from this point on.
- Security Awareness Training (Securing the Human)
The goal of this training is to educate end users on best practices concerning decisions made on the university's network. This annual training fulfills the requirements for end user awareness training addressed by the Texas Administrative Code: 202.77. It states, "Institutions of higher education shall provide an ongoing information security awareness education program for all users." This training is scheduled for deployment in the first quarter of 2015.
- Vulnerability Assessment
The DIR has assessed SFA's network security by conducting a Vulnerability Assessment. This assessment will be performed on a quarterly basis throughout the year. The outcome of these engagements will assist SFA in gauging our security posture based on the results that we receive.
- Symantec Endpoint Protection Upgrade
SFA has renewed its license with the anti-virus suite known as Symantec Endpoint Protection Manager (SEPM). This upgrade will give the university an opportunity to revamp the way anti-virus software has been managed thus far. In the past computers were loaded with the Symantec software and they were either managed or unmanaged. With a managed client the computer communicated back to the server. This gave the administrator the capability to view all of the clients that were assigned to their account via a centralized server.
With the unmanaged version, the administrator needed to deploy to each station and review the status of the nodes manually. For ease of management we will be deploying only managed units during this upgrade.
Note: Exceptions will be addressed on a case by case basis and if approved the unit will be documented for risk management purposes. (This software has been allotted for computing assets assigned to SFA.)