Assessment 2019-2020

Objectives

Measurements

Criteria For Success

Initiatives

Results to Date

Improve SOC Vulnerability Assessment Outcome
  • SOC Vulnerability Assessment in April 2020.
  • Qualys report.
  • The April 2019 Vulnerability Assessment found 22 vulnerabilities. By April 2020, 75% of these vulnerabilities will be resolved.
  • Qualys report on applications and websites reports no scores of C or below.
  • Vulnerability Assessment report review with SOC.
  • Establish a Vulnerability Assessment team and project to work through and evaluate and resolve issues.
  • Underwent a second SOC vulnerability assessment in April. All vulnerabilities found in the previous assessment had been resolved. Vulnerability assessment is a moving target. The April 2020 testing uncovered about eight new vulnerabilities.
  • In April we hired Valerie Smith, senior information security analyst. Valerie is running twice-monthly vulnerability assessments and meets monthly with a newly formed vulnerability assessment team to review the results and create an action plan.
  • Qualys reporting: The SOC was not consistent in its reporting from 2019 to 2020. We independently ran Qualys reports on all subdomains that scored C or below in April 2019 and took a sampling of a list of all Geneseo subdomains. All subdomains scored above a C. 
Increase the number of faculty and staff that are backing up their computer using a best practice.
  • MISO Survey
  • Application
  • Increase the number of primary devices using an approved backup solution
  • Evaluate the existing campus endpoint backup solution, Code42
  • Conduct a project to back up more devices using an approved backup solution.
  • The number of primary devices using Code42 has increased. 
  • As a result of evaluating our backup solution, we changed our solution to securely back up the files and folders that users store in Google Drive and Microsoft OneDrive.
Increase the percentage of faculty and staff that are informed or somewhat informed about "Available Technology Services"
  • MISO Survey
  • A greater percentage of faculty and staff will report they are more informed about CIT's available technology services


  • Form a committee that will partner with marketing experts to create and conduct a campus-wide public relations campaign that informs faculty and staff about CIT's "Available Technology Services."
  • Faculty and Staff will not be surveyed by the MISO until spring 2022
  • A committee was not formed

Assessment 2020-2021 Plans

Objectives

Measurements

Criteria For Success

Initiatives

Results to Date

Improve overall business continuity by addressing endpoint security, and support and management of remote systems. (2020 - 2022)

  • Measurement: % of endpoints with software installed
  • Criteria for success: Next-generation anti-virus/endpoint detection & response software installed on all campus-owned systems
  • Explore endpoint software solutions
  • Develop cost-benefit analysis


  • Measurement: yes or no
  • Criteria for success: has distributed denial of service protection been deployed
  • Explore DDoS solutions
  • Develop cost-benefit analysis


  • Measurement: yes or no
  • Criteria for success: domain name system changes have been made to allow for immediate failover between data centers
  • System configuration


  • Measurement: % of systems migrated
  • Criteria for success: Migrate existing web services to consistent cloud-based single-sign-on authentication AzureAD framework
  • Migrating CAS-based services to Microsoft Azure SSO
  • Migrating SimpleSAML services to Microsoft Azure SSO
  • Assess security requirements for access to services, such as MFA or restricting the users or networks they can be accessed from


  • Measurement: % of endpoints with software installed
  • Criteria for success: endpoint compliance/software management solution installed on all campus-owned systems to allow off-network system management
  • Configure Microsoft Intune to manage policy on endpoints
  • Set up a Cloud Management Gateway (CMG)
  • Set up Public Key Infrastructure (PKI)