Assessment 2020-2021

Objectives

Measurements

Criteria For Success

Initiatives

Strategic Planning Goal

Results to Date

Improve overall business continuity by addressing endpoint security, and support and management of remote systems. (2020 - 2022)

1. % of endpoints with software installed

1. Next-generation anti-virus/endpoint detection & response software installed on all campus-owned systems

1.

  • Explore endpoint software solutions
  • Develop cost-benefit analysis
F4.O3
  1. Multiple endpoint security solutions were explored and evaluated in "proof-of-concept" scenarios. Microsoft Defender for Endpoint was selected as the best fit for our campus, based on the management interface, cost, and technical fit. 

2. Yes or no

2. Has distributed denial of service protection been deployed

2.

  • Explore DDOS solutions
  • Develop cost-benefit analysis
F4.O3

2. DDOS solutions remain cost-prohibitive for our campus at this time, but discussions remain open with various DDOS protection providers. SUNY is making arrangements to provide on-demand DDOS protection to campuses in need. We are also exploring the use of cloud services with built-in DDOS protection.


3. Yes or no

3. Domain name system changes have been made to allow for immediate failover between data centers

3.

  • System configuration
F4.O3

3. Planned DNS changes have been held up by issues upgrading our F5 security appliances.

4. % of systems migrated

4. Migrate existing web services to consistent cloud-based single-sign-on authentication AzureAD framework

4.

  • Migrating CAS based services to Microsoft Azure SSO
  • Migrating SimpleSAML services to Microsoft Azure SSO
  • Assess security requirements for access to services, such as MFA, or restricting the users or networks they can be accessed from

F4.O3

4. Policies defining which systems/applications require MFA, and the frequency of MFA, are in place and are being regularly tuned to best fit the campus community.

Of 65 services, 40 are migrated, with 25 CAS/SAML services left to go. All services have two-factor authentication enabled thanks to the integration of our legacy CAS/SAML providers with AAD.


5. % of endpoints with software installed

5. Endpoint compliance/software management solution installed on all campus-owned systems to allow off-network system management

5.

  • Configure Microsoft Intune to manage policy on endpoints
  • Set up a Cloud Management Gateway (CMG)
  • Set up Public Key Infrastructure (PKI)

F4.O3

5. Explorations into PKI are in their infancy.

F1.O3 - Learning, Build a more effective and integrated learning and information infrastructure.

F4.O3 - Resilience & Sustainability, Design and maintain facilities for optimal support of learning.

Assessment 2021-2022 Plans

Objectives

Measurements

Criteria For Success

Initiatives

Strategic Planning Goal

Results to Date

Increase the number of faculty and staff that are backing up their computer using a best practice.
  • MISO Survey
  • Application

Increase the number of primary devices using an approved backup solution

  • Desktop Backup Evaluation
  • Extending our Backup Solution to Administrative Departments.

F4.O3

Several administrative departments, such as Admissions, College Advancement, Facilities Services, and many more, are now syncing key folders to the cloud, where they are backed up by both the cloud service provider and a cloud backup solution. This work is continuing in 2021-2022.

Increase the percentage of faculty and staff that are informed or somewhat informed about "Available Technology Services"
  • MISO Survey

A greater percentage of faculty and staff will report they are more informed about CIT's available technology services


  • AskCIT
  • CIT Tech Days
  • CIT Service Catalog
F1.O3
Improve information security competency of the campus community
  1. KnowBe4 training completion

1.

  • 1% greater number of employees complete the training
  • 2% more students complete the training

1.

  • October Cybersecurity Awareness Month activities; in-person training; Credly Badge promotion; Security activity for students (e.g. Late Night escape room); CIT Tech Days presentation; campus posters
F4.O3

2. KnowBe4 phish failure rate

2.

  • Reduce employee phish failure rate from 4.9% in October 2021 by .5% by October 2022
  • Reduce student phish failure rate from 8.0% in October 2021 by .5% by October 2022


2.

  • Cybersecurity Awareness training; KnowBe4 phishing security test campaign landing page; Ad hoc training; campus posters
F4.O3
Decrease campus information security risk
  1. Nexpose score
  1. Decrease Nexpose score from 4.8 million by 15% by October 2022
  1. Monthly vulnerability tracking, prioritization and remediation; Weekly scanning tool data; Monitoring for new vulnerabilities and exploits
F4.O3

2.

  • % of controls evaluated
  • % of controls where we now comply or accept risks identified
2. Achieve NIST 800-53 and 800-171 Compliance - all controls evaluated, compliance or acceptance reached. (2021-2023)

2.

  • Engaging with ISEC team and offices across campus to assess control compliance, develop compliance plans.
  • Leveraging SUNY Alfred intern to evaluate controls.
F4.O3

3. % of endpoints with software installed

3. Next-generation anti-virus/endpoint detection & response software installed on all campus-owned systems

3.

  • Install anti-virus/endpoint detection & response (EDR) software on every employee's primary computer.
  • Install EDR on secondary computers.
  • Install EDR software on servers.
F4.O3
Improve campus telephone system Evident
  • System upgrade
  • Kari's Law and Baum's Act compliance
  • Softphones deployed in proof-of-concept mode
  • Upgrade telephone system
  • Address compliance issues
  • Offer telephone option to support business continuity needs
F4.O3
Increase overall Canvas accessibility scores by 2%

Ally Overview Report

Accessibility scores of our Canvas courses improve throughout the year
  • CIT Tech Days
  • Promotion of Ally use
  • Document remediation service
F1.O3
Increase use of Pages in Canvas Courses to 73%

Instructure Report

Increasing the percentage of courses utilizing pages to share information with students (rather than files).
  • Promotion of Page use
  • Blog posts
  • Workshops
F1.O3

F1.O3 - Learning, Build a more effective and integrated learning and information infrastructure.

F4.O3 - Resilience & Sustainability, Design and maintain facilities for optimal support of learning.