I. Introduction
Cyber security was a hot topic in the past year. The Edward Snowden incident attracted lots of press coverage and aroused general public’s concern on data privacy. Also, popularization and advancement of hacking techniques have led to increase in number of security incidents. While victims are used to be commercial sectors, there is an increasing trend that tertiary institutions are also targeted.
II. Measures Taken
Facing this ever increasing threat, ITSC has strengthened our IT security measures using different strategies:
Preventive Measure
- ITSC periodically conducts vulnerability scanning exercise for all machines connected to the campus network. Such exercise allows us to discover machines which have vulnerable software installed, or machines which are lacking updated security patches. Owners of the machine are notified to rectify the issue.
Proactive Measure
- ITSC has upgraded the Internet border firewall to improve our ability to detect malicious network activities. Machines with symptoms of infection are disconnected from network immediately.
Reactive Measure
- Internally, we have formed an IT security incident response team. Each department has also assigned a colleague to take up the new role of Computer Security Coordinator (CSC). Under this new framework, our team can work closely with CSC to handle campus IT security incidents in an effective manner.
User Training
- Several trainings, namely “Introduction to IT Security and Desktop Protection”, and “Education Campaign on Data Privacy Protection” were conducted and received full-house attendance and high user rating.
III. Upcoming Exercises
- To roll out secure remote access service (Virtual Private Network, or VPN in short) so as to enhance network access security from outside campus
- To explore tools and process that can further strengthen the security of desktop PC environment
- To evaluate data encryption tools
- To provide regular IT security training and extend the current scope of topics
|