department menu

Week 4 - Upcoming Information Security Initiatives

For our final week of National Cybersecurity Awareness Month, we're excited to present some of our upcoming Information Security initiatives!  This week we'll be discussing things like the 2020 Data Classification Survey, all new Information Security & Privacy training, some new features being added to GlobalProtect.

2020 Data Classification Survey

In November, the Information Security Office will be sending out our annual Data Classification Survey.  The Data Classification Survey is a mandatory survey for all faculty and staff as required by CSU Information Security Policy (ICUSAM Section 8000). You will be asked questions about your access to confidential and/or sensitive data as well as disposal and storage practices.

Your answers to these questions will allow the IITS Information Security Office to respond appropriately in the event of a security breach on campus. It will also help guide our efforts to make sure campus information is secure. This survey is multiple choice/fill-in-the-blank and short answer questions.

It will vary in length depending on how you answer each section. If you do not handle Level 1 data, this survey will be very short. If for some reason you can not finish the survey in the allotted time, you can continue the survey by opening the original link.

New Data Security & Privacy Training through CSULearn

The CSU Chancellor's Office has provided all campuses with a new training platform called CSULearn.  Starting January 2021, CSULearn will be used to provide Information Security & Privacy training to all members of the campus community.  CSULearn can be accessed on the CSUSM Employee Training Center webpage.  When the Information Security & Privacy training as been assigned to you, you will receive an email from CSULearn asking you to complete the training.  Completing the training is required annually for all users who handle level 1 data, and every 3 years for other users. 

New GlobalProtect Features

Mutli-Factor Authentication

The first new GlobalProtect feature we will be adding is multi-factor authentication to GlobalProtect when you connect.  Once implemented in early 2021, users will be prompted for an additional authentication factor when they connect to GlobalProtect.  When you log in now, you provide your username and password.  With Duo Authentication, users will be sent an email with a one-time password, or have a notification sent to their phone to increase the security of their accounts.  More information on Duo at CSUSM can be found on the Multifactor Authentication webpage.

HIP Checks

In addition to adding Duo multi-factor authentication to GlobalProtect, we are going to be implementing a new feature that will check your off-campus machine for critical security vulnerabilities.  This new feature is called a "Host Information Profile" or "HIP" check.  GlobalProtect already collects information about the machines that connect to it, and we are going to use that information to provide an extra layer of security when accessing confidential information and critical systems.

Users that regularly handle confidential information or access critical systems will be required to configure their off-campus device from which they are connecting to GlobalProtect to:

  • Run Windows 10 or Mac OSX version 11 or version 10.15
  • Is not missing any security updates
  • Have a local firewall enabled and 
  • Is running an anti-virus program

You will be notified whether or not your computer meets the requirements when you connect to GlobalProtect.