For our final week of National Cybersecurity Awareness Month, we're excited to present some of our upcoming Information Security initiatives! This week we'll be discussing things like the 2020 Data Classification Survey, all new Information Security & Privacy training, some new features being added to GlobalProtect.
In November, the Information Security Office will be sending out our annual Data Classification Survey. The Data Classification Survey is a mandatory survey for all faculty and staff as required by CSU Information Security Policy (ICUSAM Section 8000). You will be asked questions about your access to confidential and/or sensitive data as well as disposal and storage practices.
Your answers to these questions will allow the IITS Information Security Office to respond appropriately in the event of a security breach on campus. It will also help guide our efforts to make sure campus information is secure. This survey is multiple choice/fill-in-the-blank and short answer questions.
The CSU Chancellor's Office has provided all campuses with a new training platform called CSULearn. Starting January 2021, CSULearn will be used to provide Information Security & Privacy training to all members of the campus community. CSULearn can be accessed on the CSUSM Employee Training Center webpage. When the Information Security & Privacy training as been assigned to you, you will receive an email from CSULearn asking you to complete the training. Completing the training is required annually for all users who handle level 1 data, and every 3 years for other users.
The first new GlobalProtect feature we will be adding is multi-factor authentication to GlobalProtect when you connect. Once implemented in early 2021, users will be prompted for an additional authentication factor when they connect to GlobalProtect. When you log in now, you provide your username and password. With Duo Authentication, users will be sent an email with a one-time password, or have a notification sent to their phone to increase the security of their accounts. More information on Duo at CSUSM can be found on the Multifactor Authentication webpage.
In addition to adding Duo multi-factor authentication to GlobalProtect, we are going to be implementing a new feature that will check your off-campus machine for critical security vulnerabilities. This new feature is called a "Host Information Profile" or "HIP" check. GlobalProtect already collects information about the machines that connect to it, and we are going to use that information to provide an extra layer of security when accessing confidential information and critical systems.
Users that regularly handle confidential information or access critical systems will be required to configure their off-campus device from which they are connecting to GlobalProtect to:
You will be notified whether or not your computer meets the requirements when you connect to GlobalProtect.