Members of the State Board of Higher Education got a glimpse into the networked world of physical and digital infrastructure last week during an in-depth presentation from Core Technology Services leadership.
Deputy CIO Darin King and IT Security Officer Brad Miller provided details on CTS’ plans moving forward. King touched on organizational changes, procedures and processes, and what CTS saw on the horizon.
He began by noting how the organization had been restructured to allow for improved security processes – including security reports – to be streamlined. King said additionally, CTS has spent the last 12 months taking a broad view of the security atmosphere in the university system.
“We started shortly after a security incident with an internal CTS security team to really understand where the quick wins were and what we could get in place quickly,” King said. “We did bring in an external consultant who used the same tools we used to cross-check what we had determined and see what someone from the outside would say.”
King said that monthly training kept awareness of current and ongoing topics high among CTS employees.
Miller spoke next on data classification, specifically why and how it came about. He stated that in order to know what to protect, it was important to know exactly what the data was. That prompted reviewing the data classification and information security standard, which provided insight into the level of protection for each class of data. Security officers from each campus provided input through the process.
Miller also spoke about intrusion detection and prevention systems that are currently in place for the university system. He also noted that multi-factor authentication is currently being implemented on a number of different systems that need additional layers of security.
King concluded the presentation by noting that the Board could likely see policies presented at further meetings later this year or next.