Security Improvements Program
The Security Improvements Program comprises a suite of projects aimed at mitigating cyber security risks to protect UQ and its wider community.
Benefits to UQ
The program will have several benefits to UQ, including:
- improved protection against cyber security threats
- increasing UQ’s cyber security maturity and capabilities
- protection of UQ’s information assets including personal data and intellectual property of staff, students and the wider UQ community
- educating the UQ community on cyber security threats and how to better protect themselves both at UQ and in their personal lives.
Key projects
Multi-Factor Authentication
The Multi-Factor Authentication (MFA) project will help UQ to manage cyber security risks and protect your data and UQ systems against phishing and compromised or stolen credentials.
MFA provides an extra layer of security to validate the identity of the person who is logging in to UQ web services and systems.
It is a two-step process that involves verification of your identity through:
- something you know (such as your UQ password)
- something you have (such as a mobile phone application or hardware token).
This means, even if your password is compromised, a criminal won’t be able to access your account without the second factor.
A pilot is currently underway with around 350 IT staff. Following feedback, the MFA service will be deployed to all UQ IT staff, and then progressively rolled out across the University.
Cyber Security Culture
Changing our Cyber Security culture is a fundamental control for mitigating the risk of attacks that rely on weakness in people and processes. It will be an ongoing element of UQ's cyber security management program.
The Cyber Security Culture project aims to:
- create a culture of awareness and behaviour conducive to safe cyber security practices
- promote the importance of cyber security to enable better acceptance of cyber security practises and controls which may impact users.
These aims will be achieved through:
- providing sufficient knowledge about cyber security for staff to perform their roles effectively
- engendering behaviour change around how the UQ community approach security
- encouraging a culture where “cyber security is everyone’s responsibility”.
Endpoint Security Upgrade
The Endpoint Security Upgrade was completed throughout 2019.
This upgrade involved upgrading our existing endpoint protection (anti-virus) solution, Sophos, to a more comprehensive solution offered by Symantec. The new Symantec solution is an evolved product that better recognises and mitigates threats that have not previously been seen. It is capable of integrating with other security controls to provide an enhanced overall security architecture.
Endpoint protection is considered an effective and fundamental cyber security control to protect user desktops and laptops as well as servers from malicious code execution, ransomware and other cyber threats. Endpoint protection solutions also provide increased visibility of endpoints to assist in cyber security incident detection and remediation.
Outputs of this project include protecting staff computers and servers against the risk of malware, which also protects against:
- information exposure or loss
- account compromise to gain access to other IT systems and services
- use of systems for SPAM delivery, hacking or digital currency mining
- loss or impairment of IT services.
Further outputs include:
- increased visibility of activity on staff computers and servers to improve cyber incident detection and remediation.
- providing a multi-layered IT security solution that will increase our ability to stop malicious activity/actors from traversing though the UQ IT infrastructure.
Drive Encryption
Currently, data on staff laptops is not encrypted. This project will enable a feature on staff laptops that will automatically encrypt the data on them. Drive encryption will help to protect our staff’s personal data, intellectual property, and UQ data against compromise if the laptop is lost or stolen.
Application Security Testing
Penetration testing will be carried out against five critical and high-risk applications to determine security vulnerabilities.
Application Security Audits
A detailed risk assessment will be performed for 20 high-risk applications, including two research applications. This assessment will help identify security risks and enable UQ to more effectively implement actions to mitigate these risks.
Identity Management– Online Password Resets
We are developing an online capability for UQ users to recover their passwords via a portal on the my.UQ website. This will streamline the process for users to recover forgotten passwords, and help mitigate against the threat of compromised accounts.
School of Business Cyber Security Review
ITS is working with the School of Business to review how well cyber security risk is being managed in the School of Business, and undertake activities to improve the School of Business’ cyber security posture.
Timeline
Projects within the Security Improvements Program will be rolled out throughout 2019 and 2020.
Teams
Program Team
Name | Role |
Paul Sheeran | Program Owner |
Marc Blum | Security Architect |
Dusan Kamenov | Project Manager |
Shelly Mills | Communications and Project Officer |
Sue Bamber | Change Manager (MFA) |
Roy Duncan | Technical Lead (MFA) |
Steering Committee
Name | Role |
Rob Moffatt | Chief Information Officer and Program Sponsor |
David Stockdale | Deputy Director, IT Infrastructure Operations, ITS |
Rowan Salt | Deputy Director, Applications Delivery and Support, ITS |
Paul Sheeran | Associate Director, IT Governance, ITS |
Gary Stefano | Associate Director, Customer Support Services, ITS |
Daphne Drewes | Associate Director, Enterprise Risk, Enterprise Governance |
Ryan Ko | Chair of Cyber Security, Faculty of Engineering, Architecture and Information Technology |
Marc Blum | Security Architect, ITS |
Dusan Kamenov | Security Improvements Project Manager, ITS |