department menu

Information Security Steering Committee Minutes

Information Security Steering Committee Meeting October 24th, 2014 | 2:00pm | Craven Hall

Agena Topics

  • Security Awareness Training
    • Required by the CSU for every employee upon hiring and at least every 3 years thereafter
    • Required annually by those who handle confidential information
    • Distributed through Learnerweb
    • To be implemented in November of 2014
  • Data Classification Survey
    • Goal is to find the location of all Protected Data stored on campus technology resources
    • Implemented via Survey Gizmo
    • To be implemented in November of 2014
  • Mobile Device Security
    • For employees who use a mobile device to access campus email/content
    • Access code required on the device
    • Tentatively to be implemented in the first quarter of 2015
  • Responsible/Acceptable Use Policy
    • CSU has publised a Responsible Use Policy
    • The campus Responsible Use Policy must be updated to reflect the new CSU policy
    • Tentatively to be updated in late December 2014
  • Local Administrator Rights
    • Anti-Virus software is no longer adequate to protect machines on campus
    • Exposure can be drastically reduced by taking steps to limit users' ability to inadvertently install malware
    • Exploring technology solutions that would "whitelist" and "blacklist" certain applications
    • For workstations identified as "High Risk" extra protection will be necessary
    • No implementation date scheduled currently
  • Identity Finder
    • Licensed by the CSU
    • Identifies and reports confidential information stored on computers
    • Tentatively to be implemented by department
    • No implementation date scheduled currently
  • Campus moving to Box cloud storage
    • For faculty and staff Box accounts have been created
    • Access through http://www.csusm.box.com
    • Eventually networked H:/ drives will be removed from service
  • Workstation Encryption
    • Whole disk encryption protects documents stored locally
    • Implemented on all new systems as of refresh 24
    • Implemented on all laptops
    • Implemented for employees with access to protected information
    • Email encryption to be implemented tentatively first quarter 2015