April, 2018 CIO Update
I think it might actually be Spring now! For this month’s entry, please see some news about continuous improvements to Blackboard, an overview of phishing and how we combat it at VCU, as well as a look at how our Information Security Office is organized.
Preparations are well underway for upgrading the VCU Blackboard System, which will begin at 8:00 pm on Tuesday, May 15th. The system will be unavailable until 8:00 pm on Wednesday, May 16th. Once the upgrade is complete and the system is ready for use, a notice will be posted in the Learning Systems blog.
This upgrade will place VCU Blackboard on version 9.1 Q4 2017, which will look and feel very similar to the current version. New features and updates are summarized below.
- Accessibility – Blackboard has incorporated ARIA landmarks in the course menu and the content area to better define the page structure and assist users with screen readers in navigating page elements.
- Blogs and Journals – Increased optimization for use on mobile devices. Posts and comments composed with responsive content will render on smaller devices. Options for filtering posts or navigating groups or users will appear below currently viewed posts.
- Discussion Boards – The new count and filter view, “Replies
to Me”, makes keeping up with large Discussion Board forums is easier for participants.
- Collaborate Ultra – Collaborate sessions can now be added to group pages and permissions can be set to allow students to share content, use the whiteboard, and create recordings.
Additional enhancements in this release include more “drag and drop” locations, updated math editor for chemistry-specific functions, improved grading with rubrics and updates to the SCORM engine. More details about the features included in this upgrade can be found in our askIT knowledge base.
Blackboard Infrastructure Updates
Learning Systems has worked closely with Blackboard Managed Hosting to complete a thorough analysis of existing infrastructure, taking into account projected usage in 2018. As a result, we are happy to announce that we have scaled our application servers and resized the Blackboard database, practically doubling our virtualized server deployment in the existing application server cluster! This will help to accommodate for the continued growth that we have been seeing year-over-year and offers some much-needed performance improvements.
Phishing at a Glance
Phishing email scams are considered by many security experts to be the most common shortcut for gaining access into an enterprise’s network. It is a relatively low effort attack that can often yield at least one response. An organization’s security department can have many hi-tech devices/rules to prevent intruders, but a phishing attack targets the most vulnerable and valuable resource of an organization, the employees.
We help the VCU community email spot phishing emails by user education, mandatory security trainings, and simulated phishing exercises in which we send mail that has characteristics of a phishing email and provide education to those who respond. We are proud to announce that in the last 6 months of the Information Security Office monitoring phishing emails our click rate is 124 / 7510 or 1.6%. This is a significant reduction in previous click rates, and we ask the community to keep up the great work. Please continue to report potential phishing scams, or any concerns about validity of any email you receive to firstname.lastname@example.org. Also, check out our Phishing alert page, “Phishing Net,” for updates on the latest scams affecting the University.
The Information Security Office believes that awareness of potential phishing emails is the best way we can combat unauthorized access from phishing. We will be rolling out our new awareness campaign soon, with the ultimate goal of a click rate approaching 0%.
VCU Information Security Office Overview
The VCU Information Security Office strives to provide an environment that will secure and maintain the confidentiality, integrity, and availability of information technology resources that are central to the University’s mission critical operations of education, research, service, and administration.
Leading this office is Dan Han, VCU’s Chief Information Security Officer. Mayura Patel serves as the Deputy Director for this office. This office consist of four integrated areas that support VCU’s Information Security needs.
Security Operations Team
Led by Ryan Neilson, this team focuses on Intrusion Detection, Incident Response, Security Policy, and Risk Management. The Intrusion Detection and Incident Response efforts include identifying threats relevant to the university, monitoring for those threats, and working with IT staff to remediate any incidents that may occur. The Policy and Risk management efforts aim to create and apply policies/procedures that help align the overall security posture of the data stewarded by VCU. This includes the phishing training required for all faculty and staff.
This role is handled by Guy Broome, who operates in a consulting role to other teams, both within Information Security and among other departments/divisions, to facilitate the design, planning, and implementation of large-scale projects. Day-to-day tasks for this role can range from composing infrastructure design diagrams and process workflows, to interfacing with vendors and contractors, and even server administration.
Security Engineering Team
Led by Shane Conner, this team is responsible for deploying and maintaining a wide range of systems that help protect the VCU IT environment. This includes the University’s Directory Services eDirectory and Active Directory environments, which are both used for authentication to most IT services provided to the VCU community. They are also responsible for endpoint security solutions, such as the Sophos Anti-Virus platform and the Dell Data Protection Encryption (DDPE) system that’s used for encryption compliance. This team is also leading the implementation of our new Identity & Access Management solution, which will modernize our account management and access processes.
Thanks to all of you attended the Division meeting earlier this month, and particular thanks to those who presented. Have a great Spring!