Loyola University Chicago

Information Technology Services

Security Initiatives (PIRG & Audit Related) - PII Policy and Tool Implementation

May 2010
Sponsor: Enterprise Project (Sibenaller) / Project Manager: Lauger / Health:

  • The PII program for 2010 has been initiated and Data Steward training sessions completed.
  • Encryption of remaining University computers has begun and will occur via the ITS PC refresh program.
  • The Information Security Advisory Council (ISAC) is continuing its risk-based review of information security items and will present a prioritized list of projects to the ITESC in Summer.
  • Next Steps: 1) Complete data steward training and initiate annual scans for 2010 (PII 2010); 2) ISAC to complete the information security assessment and present to the ITESC. 

March 2010
Sponsor: Enterprise Project (Sibenaller) / Project Manager: Lauger / Health:

  • The PII program for 2010 has been initiated with data steward training sessions scheduled for late March. Encryption of any remaining university computers has begun and will occur via the ITS PC refresh program. The Information Security Advisory Council (ISAC) is continuing its risk-based review of information security items and will present a prioritized list of projects to the ITESC in the Spring.
  • Next Steps: (1) Complete data steward training and initiate annual scans for 2010 (PII 2010). (2) ISAC to complete the information security assessment and present to the ITESC.

December 2009
Sponsor: Enterprise Project (Sibenaller) / Project Manager: Lauger / Health: 

  • 2009 PII scanning and encrypting has been completed with PII found on 575 computers (25%) and 1300 computers encrypted (56%).
  • Project to encrypt all computers is in pilot.
  • Information Security Advisory Council (ISAC) has been formed to advise on the projects and priorities of the University Information Security Office.
  • PCI certification for 2009 is complete.
  • Next Steps:
    (1) Initiate annual scans for 2010 (PII 2010), (2) Implement encryption on all workstations, (3) ISAC to review draft policies created for PCI certification and move them through the University policy process.

August 2009
Sponsor: Enterprise Project (Sibenaller) / Project Manager: Lauger / Health: 

  • Over 99% complete with two departments remaining.
  • PII found on 25% of devices scanned.
  • Received approval from the ITESC to "encrypt all" going forward and roll out enterprise management software.
  • Next Steps:
    (1) Complete follow-up on remaining departments.

Sponsor: Enterprise Project (Sibenaller) / Project Manager: Lauger / Health: 

  • Information Security Advisory Council established and held initial meeting.
  • Three audits conducted over summer: Deloitte (annual external audit), Halock penetration testing and SMART application audits on RMS, Maxxess, and BSR Advance.
  • Final Reports from Deloitte and Halock included no major findings; several observations noted in both reports to tighten our security position.
  • SMART report expected in Sept/Oct.
  • Next Steps:
    (1) Assess and implement recommendations as appropriate.

May 2009
Sponsor: Enterprise Project (Sibenaller) / Project Manager: Lauger / Health:

  • Approximately 90% complete with computer reviews.
  • PII found on 25% of devices scanned.
  • Next Steps:
    (1) Complete follow-up with remaining departments, (2) Perform data validation, (3) Modify process to "encrypt all" moving forward and roll out encryption management software.

March 2009
Sponsor: Enterprise Project (Sibenaller) / Project Manager: Yun / Health:

  • Approximately 75% complete with computer reviews.
  • PII found on 33% of devices scanned.
  • Next Steps:
    (1) Complete follow-up with remaining departments, (2) Perform data validation, (3) Modify process to "encrypt all" moving forward.

 

November 2008
Sponsor: Enterprise Project (Sibenaller) / Project Manager: Yun / Health:

  • The project health has changed from Green to Lime due to questionable re-assessment results concerning departmental coverage, scanning results and encryption tracking. Project tracking and follow-up efforts revitalized as a result.
  • To date 966 devices have been scanned and reviewed for PII. PII has been found on approximately 28% of all devices. Five-hundred and forty-one devices have been encrypted.
  • Training completed for 93 of the 94 Data Stewards.
  • Scanning and encryption of devices will continue into Q3 of FY09.
  • Next Steps:
    (1) Complete Data Steward training, (2) Continue follow-ups and monitoring of program, (3) Identify awareness improvements, (4) Define long-term strategy for encryption for all devices across LUC.

August 2008
Sponsor: Enterprise Project (Sibenaller) / Project Manager: Yun / Health:

  • Data steward training sessions are being conducted. Target completion during Q4 of this year.
  • To date more than 1,000 devices have been scanned and reviewed for PII. Received responses from 36 of 38 departments.
  • Conducted two town hall meetings and facilitated a new PII overview for new faculty orientation.
  • In process of training for the Office of the President, General Counsel and Capital Planning.
  • Next Steps:
    (1) Follow up on any outstanding requests to identify data stewards, (2) Follow up on remaining department head hours.

August 2008
Sponsor: Enterprise Project (Sibenaller) / Project Manager: Cothern / Health:

  • Met with the project team to review status, update project plan and determine additional user awareness tasks.
  • Discussed results of Phase II (Sullivan) Data Steward Training--overall success rating 4.5 out of 5.0.
  • Designed additional university awareness tasks, assigned task ownership and completion milestones.
  • Reviewed critical in-scope departments for Phase III.
  • Next Steps:
    (1) Submit an updated project plan to Security to review; submit security-approved updated project plan to Project Sponsor for review and signoff, (2) Meet with Joe Bazeley to review project reporting structure and communication, (3) Develop assigned user awareness collateral.