Data Security Initiative Progress

I. Develop and document systems and practices to protect our data including Governance, Risk Management, Cyber Security, Identity, and Access.

| Item | 2018-2019 | 2019-2020 | 2020-2021 |
|---|---|---|---|
| Update Administrative Regulation 6006 | Approved by ITAC, Spring 2019 | Adopted, Fall 2019 | |

II. Implement standards as adopted and developed by the CCC Security Center:

Information security policies, regulations, and business processes will be adopted, derived, and aligned with the currently adopted CCC’s Information Security Standard.

| Item | 2018-2019 | 2019-2020 | 2020-2021 |
|---|---|---|---|
| CCC Information Security Standard | Adopted, Fall 2018 | | |
| CCC Data Classification Standard | Adopted, Fall 2018 | | |
| Best Practice: Procedures for Sharing Files and Folders in OneDrive | Adopted, Spring 2019 | | |
| Best Practice: Password Creation | Updated to better align with current standards, Spring 2019 | | |
| Procedure: Dealing with PII in Outlook and OneDrive | Adopted, Summer 2019 | | |
| Standards: Multi-Factor Authentication | | Adopted, Fall 2019 | |
| Procedure: Disposal, Donation, and Transfer of Computer Equipment | | Adopted, Fall 2019 | |
| Standard: FERPA Protected Data | | Adopted, Spring 2020 | |
| Standard: Screen Saver Timeouts | | Adopted, Spring 2020 | |
| Standard: Vendor Risk Management | | Adopted, Spring 2020 | |
| Standard: Access Control | | | Adopted, Fall 2020 |
| Standard: Working Remotely | | | Adopted, Fall 2020 |
| Standard: Disaster Recovery | | | Adopted, Spring 2021 |
| Standard: Incident Response | | Update existing plan to better align with NIST standards | Adopted, Spring 2021 |

III. Utilize the tools and services offered by the CCC Security Center, including:

| Item | 2018-2019 | 2019-2020 | 2020-2021 |
|---|---|---|---|
| Splunk: Correlates real-time data for threat analysis. | Baseline Implemented, Fall 2018 | Phased Rollout, Spring 2020 | Continued Integration, Fall 2020/Spring 2021 |
| Tenable Security Center: Provides real-time vulnerability scanning. | Baseline Implemented, Fall 2018 | | Reimplemented, Spring 2020 |
| Spirion: Provides data loss prevention (scans for SSN, credit card numbers, etc.). | Baseline Implemented, Spring 2019 | Phased Rollout, Fall 2019 | On-hold |
| Vulnerability Assessments. | | Annual Assessment, Spring 2020 | Annual Assessment, Spring 2021 |
| Phishing Assessments. | | On Hold, Spring 2020/Fall 2020 | On-hold, Fall 2020/Spring 2021 |
| Penetration Testing. | | Annual Assessment, Fall 2020 | Annual Assessment, Fall 2021 |

IV. Request funds, purchase and implement various industry-recognized tools and services designed to support the policies and standards adopted above:

| Item | 2018-2019 | 2019-2020 | 2020-2021 |
|---|---|---|---|
| Microsoft SCCM: Expand the use of applicable security-related features. | Implemented a Local Administrative Password Solution, Spring 2019 | Ongoing | Ongoing |
| Microsoft Outlook and OneDrive: Provide data loss prevention for email and file storage. | Completed, Fall 2018 | | |
| Jamf: Automate patching, upgrades, audit security events, and hardening for Apple computers. | | Baseline Implementation, Summer 2020 | Continued Integration, Fall 2020/Spring 2021 |
| PortalGuard: Provide 2-factor authentication, single sign-on, and self-service password reset. | Self-service Password Completed, Spring 2019 | 2-Factor Authentication/Single Sign-on Completed, Fall 2019 | Additional Features, Spring 2021 |
| Research and implement a next-generation antivirus solution (Cylance chosen). | Administrative Network Completed, Spring 2019 | | Computer Labs Planned, Spring 2021 |
| Research the value of a network monitoring service to detect high-level attacks (SecureWorks chosen). | Baseline Implemented, Spring 2019 | Completed, Spring 2020 | |
| Appsian (previously Greyheller) Application Firewall: Provides various security layers for PeopleSoft data. | | | Planned, Fall 2020/Spring 2021 |
| Research the value of endpoint snapshot tools for instant recovery (Microsoft Unified Write Filter chosen). | | Completed, Summer 2020 | |
| Research and implement next-generation firewall for intrusion prevention (Palo Alto chosen). | | Completed @ PCC, Summer 2019 | Completed @ LAC, Summer 2020 |
| Research and implement a Password Access Management (PAM) solution to manage administrative accounts. | | Research, Summer 2019 (Project Deferred Spring 2022) | |
| Security Awareness Training. | Research New Vendors, Summer 2019 | | On-hold, Spring 2020/Fall 2021 |