Stephen F. Austin State University

IT Security

Introduction

The role of IT Security at Stephen F. Austin State University is to ensure the confidentiality, integrity, and availability of university data, information, communications, and services.

To promote secure information technology systems, IT Security also educates users; assesses and identifies new architectural requirements; and consults in the areas of security risk, practice, policy, and technology. IT Security also provides the coordination of security incident investigation and response.

SFA works in cooperation with other state agencies and higher education institutions to secure campus information.

Security Awareness Training

Beginning immediately, the new security awareness training package is available across campus. Employees required to take the training will be notified through the myTraining system. Some employees are automatically required based on their access to information and role within the university detailed in the attached guidelines documentation. For employees not automatically required to take the training, it is the director's or department head's responsibility to determine if the employee has access to confidential or sensitive information and therefore should participate in the training. ITS developed a mechanism for the directors and department heads to mark other employees as needing the training as well as a proxy function so this process can be delegated. Note, the update will occur in an nightly upload to myTraining meaning employees will have next day access to the training.

Security Awareness Training Guidelines

Employee Security Awareness Training

Student Security Awareness Training

For questions, please contact the IT Security office.

Current Events

Meltdown/Spectre Vulnerabilities

ITS is currently testing the patches released from Microsoft. All SFA owned computers that are connected to the domain will receive the patches once this testing cycle has completed. All users are advised to patch their home machines as directed by the manufacturer. For more information on the Meltdown/Spectre vulnerabilities please read this release from the Multi-State Information Sharing and Analysis Center: Meltdown/Spectre Security Advisor.pdf.

Data Scoping

Starting in February, the IT Security office will send out a data scoping questionnaire to all Faculty and Staff to determine what data resides outside of ITS managed storage. This assessment will aim at both discovery and identification of data, but also to inform and educate the proper use, storage, and transfer of SFA data.

Symantec Endpoint Protection Version Upgrade

IT Security and Tech Shop are working to update all clients to the new version 14.1. Endpoints that have the older version installed will sync and download the update, but will ask for permission to restart during normal business hours. If the postpone option is selected during the restart prompt, a restart will occur between the hours of 23:00 and 03:00.

Quarterly Vulnerability Assessment

DIR has assessed SFA's network security by conducting a Vulnerability Assessment. This assessment will be performed on a quarterly basis throughout the year. The outcome of these engagements will assist SFA in gauging our security posture based on the results that we receive.