Technology by default is insecure and the University must ensure that implementing new technology does not introduce new or additional risk to students or the campus. New devices (laptops, tablets, smartphones, etc.) are network-centric and vulnerable to cyber attacks. ITS routinely uses tools and resources to conduct security assessments before integrating and implementing new technology. This vulnerability assessment project provided for independent security verification in all critical phases of student success fee project implementation, including post-implementation review of all projects' integrity.
Vulnerability assessment is not a static project with a specific beginning and end. Instead it requires continual observation, acquisition and implementation of appropriate tools, activity monitoring, assessment of data, anticipation of threats and immediate response to vulnerabilities and incidents. The tools required for the five 2012-2013 student success fee projects were purchased, implemented and used to assess and, if necessary, remediate security findings prior to the rollout of each project. This resulted in a secure, successful implementation with no vulnerabilities identified post-implementation. This success resulted in approval of student success fees to fund additional project-specific tools for academic years 2013-14 and 2014-15.
Cyber attacks are costly, disruptive and time-consuming to resolve. Fraud and identity theft are often the direct result of insufficient or inadequate network security measures. Regular vulnerability assessments are an important step in protecting our students from these threats.