The university and its resources are under attack every day. However, by implementing stronger controls on privilege, and on all accounts for those resources, we can make the attackers work much harder to move around laterally and vertically.
Posts
A set of credentials is extremely valuable to a cybercriminal. You, however, can make them more difficult for an attacker to obtain by following the U’s password policies and IT security best practices.
When answering calls to your university phone number, please identify your affiliation with the University of Utah or University of Utah Health. Similarly, when recording voicemail greetings, please identify your U affiliation in the message.
As we prepare for holiday season, criminals are thinking about ways they can capitalize on current events and issues. By thinking ahead and staying alert, however, we can better prepare for potential phishing schemes, social engineering, and other cyberattacks.
Rule 4-004H: Remote Access outlines the requirements and responsibilities that U students, faculty, staff, and affiliates should follow to properly protect the university’s IT resources when connecting off-site to the U’s network for school or work purposes.
The former Air Force journeyman, who began his career at the U as a student employee in the Information Security Office, said he decided to stick around because he enjoyed the job so much, especially mentoring and training staff.
University Rule 4-004O: Security Awareness and Training mandates information security education to help users recognize IT security concerns and respond accordingly, and understand their information system security roles and responsibilities.
By next year, all VPN users are expected to switch to GlobalProtect, which will become the central VPN service for all University of Utah and University of Utah Health staff, faculty, students, and affiliates.
If the university and its community members don’t comply with Rule 4-004C: Data Classification and Encryption, they not only open the door for potential malicious attacks, they can also be held liable for not safeguarding the data.
Stucker will resume his responsibilities as associate director of ISO's Identity & Access Management team on Wednesday, September 1, 2021.
Node 4
Our monthly newsletter includes news from UIT and other campus/ University of Utah Health IT organizations, features about UIT employees, IT governance news, and various announcements and updates.