Staring down cyber threats

Staring down cyber threats

For a majority of Queen’s staff, faculty and students, computers and other electronic devices are vital for doing their job, conducting research or carrying out their scholarly activities. As the use of information technology has increased, though, so too has the risk to these resources and the sensitive information they allow users to access. During Cyber Security Awareness Month this October, ITServices has mounted a public campaign to educate people about safe computing. George Farah, Information Systems Security Officer, sat down recently with Mark Kerr, Senior Communications Officer, to discuss the threats and the new information security policy framework the university has in place to tackle the issue.

October 23, 2014

Share

Mark Kerr: What threats does Queen’s face?

George Farah: Every year, we see thousands of attacks and that number is increasing. Queen’s and other universities are now facing a more diversified threat landscape that includes very determined and skilled hackers.

Organized cyber criminals are targeting large repositories of personal data for identity theft and other financial gain. These attacks threaten the availability, integrity and reliability of university systems and the intellectual property we handle.

George Farah, Information Systems Security Officer, encourages staff, facutly and students to brush up on their safe computing practices to preserve the integrity and reliability of the university's IT infrastructure.

MK: What can people do to limit the impact of the threats?

GF: One of the best things people can do is understand safe computing practices. We have posted on the ITServices website a list of 10 things they can incorporate into their daily activities to help protect their information and equipment.

As part of our awareness and education campaign, we are offering a new information security training course for staff, faculty and students. It is available online through Moodle so people can complete it at their desk on their own time. The course will give them information about the threats we face on campus and point to the key behaviours we encourage for safe computing.

MK: What is the purpose of the Electronic Information Security Policy Framework, which was adopted by the university earlier this year?

GF:  The three primary policies within the framework clearly outline the responsibilities staff, faculty and students have when it comes to preserving the integrity and reliability of the university’s IT infrastructure and the confidentiality of valuable or sensitive information. These policies are supported by standards and guidelines, which are like checklists that tell people what they need to do manage the various threat risks we face.

MK: Do individuals and units have to comply with the framework and guidelines right away?

GF: No, the intention is not to be compliant from day one. It’s a process through which ITServices will collaborate with IT partners across campus and provide the best support structure we can within our staffing means.

MK: What is Queen’s doing to help staff, faculty and student comply with the framework?

GF: The university is looking at different initiatives to provide support for key areas. One example is for encryption, which users must do if they are transporting sensitive information on a portable computer or device or sending that information to others electronically. When we started talking with the General Research Ethics Board and the Health Research Ethics Boards about encryption, we understood that some faculty members required assistance for that particular process. The ITServices Support Centre responded by offering free support for faculty, in addition to posting the instructions on our website. We are looking at these are the types of supports as we work toward compliance.

Visit www.queensu.ca/its for more information