Stephen F. Austin State University

IT Security

Introduction

The role of IT Security at Stephen F. Austin State University is to ensure the confidentiality, integrity, and availability of university data, information, communications, and services.

To promote secure information technology systems, IT Security also educates users; assesses and identifies new architectural requirements; and consults in the areas of security risk, practice, policy, and technology. IT Security also provides the coordination of security incident investigation and response.

SFA works in cooperation with other state agencies and higher education institutions to secure campus information.

Security Awareness Training

IT Security is beginning the transition to a new security awareness training platform. The previous "Security Basics" training is no longer available through myTraining. The new modules will be available staring in early November, and will be delivered through myTraining with additional trainings available upon request through the new training portal.

The PCI and Red Flags trainings are still available through myTraining for Faculty and Staff, and will be transitioned to the new modules later in the year.

For questions, please contact the IT Security office.

Current Events

Meltdown/Spectre Vulnerabilities

ITS is currently testing the patches released from Microsoft. All SFA owned computers that are connected to the domain will receive the patches once this testing cycle has completed. All users are advised to patch their home machines as directed by the manufacturer. For more information on the Meltdown/Spectre vulnerabilities please read this release from the Multi-State Information Sharing and Analysis Center: Meltdown/Spectre Security Advisor.pdf.

Data Scoping

Starting in February, the IT Security office will send out a data scoping questionnaire to all Faculty and Staff to determine what data resides outside of ITS managed storage. This assessment will aim at both discovery and identification of data, but also to inform and educate the proper use, storage, and transfer of SFA data.

Symantec Endpoint Protection Version Upgrade

IT Security and Tech Shop are working to update all clients to the new version 14.2. Endpoints that have the older version installed will sync and download the update, but will ask for permission to restart during normal business hours. If the postpone option is selected during the restart prompt, a restart will occur between the hours of 23:00 and 03:00.

This update will only affect Windows computers. Mobile devices, laptops, and Mac systems will receive updated in October.

Quarterly Vulnerability Assessment

DIR has assessed SFA's network security by conducting a Vulnerability Assessment. This assessment will be performed on a quarterly basis throughout the year. The outcome of these engagements will assist SFA in gauging our security posture based on the results that we receive.