About
The Office of Information Security helps protect people and their information by identifying and managing risk. We develop information security strategy and work with the University community to set information security policies and priorities. We identify where new information security controls are needed or existing security controls can be improved, maintain awareness of information security trends, and communicate with the University advising on all things information security.
News
Even though National Cybersecurity Awareness Month has concluded, it is important to remain aware throughout the rest of the year. The computer-based security awareness training includes modules on Malware, Mobile Security, Passwords, Phishing, Physical Security, Third Party Websites, and Unintended Disclosures. To access the training, visit Canvas.
Data Governance
To establish and maintain quality of the University’s data by recommending standards and guidelines around the management of data, including classification, lifecycle and integrity of the data.
Everyone has access to the data they need, which is accurate and secure, while respecting the privacy rights of the data subject.
To review and recommend policies and procedures regarding the security, compliance, and management of the University’s data assets.
Data Governance shall apply to all Protected and Proprietary data as defined in the Data Classification Policy 4.01 currently located here. This shall apply to all employees and subcontractors who access said data.
The Data Governance Committee currently meets monthly.
VACANT 16325_5c961f-3d> |
Clery Compliance Coordinator 16325_b14a23-86> |
Crystal Elliott 16325_9c4586-ae> |
Director of Human Resources 16325_99470d-f0> |
Anthony Glass 16325_e60257-55> |
Academic Operations Specialist 16325_73889e-97> |
Jennifer Gruening Burge 16325_3c5171-85> |
Director of Institutional Effectiveness 16325_4c8112-33> |
Andreas Kindler 16325_78a92d-0f> |
Registrar 16325_65a3c4-31> |
Michael McCauley 16325_dadc9e-5f> |
Business Relationship Manager 16325_5fc01d-7b> |
Shawn McCollum 16325_b3433c-51> |
Director of Admission Technology and Operations 16325_c9ca2c-27> |
David Scuffham 16325_a31b02-74> |
Chief Information Security Officer 16325_950723-e2> |
Karen Sorrel 16325_87b539-89> |
Human Resource Administrator 16325_d7a9c3-05> |
John Steffen 16325_1ce0ba-94> |
Analyst 16325_8383a7-d0> |
Nick Turner 16325_f68530-46> |
Database Administrator 16325_4472db-7f> |
Jocelyn Watkins 16325_ff0a71-d3> |
Title IX Coordinator 16325_8ea24a-18> |
Joseph Zwick 16325_c5d330-64> |
Director of Advancement Services 16325_b3d044-be> |
Service Catalog
Identity and Access Management
Password Checker enforces policy 6.01.01 Password Complexity and Change Frequency by querying passwords against a list of passwords that have been exposed in known data breaches. To validate if a password is allowed to be used for a BUnetID password or to check if a password has been exposed, visit Password Checker. To change or reset a password visit the Password Reset page.
Single Sign On provides authentication for multiple web applications, without the need for the applications to have access to users’ passwords. SSO for web applications hosted in the cloud also has the advantage of not requiring users to remember multiple passwords. To request a new Service Provider (SP) be added to Bradley’s SSO, please open a service ticket with the IT Service Desk at 309-677-2964.
Secure Computing
Encryption of Protected data in transit is required per policy 2.02 Secure Transit. Bradley University uses LeapFILE for secure sharing of files with outside entities who do not have a BUnetID. The Office of Information Security maintains a limited number of LeapFILE licenses that can be checked out. To request single, short term, or long term use of a LeapFILE license, please open a service ticket with the IT Service Desk at 309-677-2964.
Encryption of Protected data in transit is required per policy 2.02 Secure Transit. Information Security issues certificates from GlobalSign and also manages Bradley’s internal Certificate Authority (CA). The Office of Information Security prefers to manage the keys throughout their entire lifecycle, but you can also submit a Certificate Signing Request (CSR). ECC P-384 or RSA-2048 keys are the minimum key sizes allowed. To request a certificate please open a service ticket with the IT Service Desk at 309-677-2964.
The Office of Information Security maintains the configuration of DMARC, SPF, and DKIM DNS records to prevent spoofed email. Information Security works with departments who use third parties to send email on Bradley’s behalf to ensure the third party’s email platform is configured correctly. To request third party email delivery on behalf of bradley.edu, please open a service ticket with the IT Service Desk at 309-677-2964.
Security Consulting and Education
Security awareness training is hosted in Canvas.
Need Help? Questions about the content should be directed to the Office of Information Security at 309-677-3041. Technical questions should be directed to the IT Service Desk at 309-677-2964.
Security Incident Response (IR) and Investigation
If you are affected by ransomware, disconnect your device from the network (unplug your patch cable, disable wireless, enter airplane mode), disconnect removable media (hard drives, USB drives, SD cards, etc.), and leave your device on (do not shut it off nor reboot it). Please open a service ticket with the IT Service Desk at 309-677-2964.
Phisnet was created to be a central place to discuss phishing and view a curated list of phishing emails that have been caught by the Bradley community. It also contains a list of red flags to watch for in phishing emails and instructions to make it easier to report phishing emails. Please forward real or suspected phishing emails to [email protected]. If you have interacted with a scammer, opened an attachment within the phishing email, clicked on a link within the phishing email, or entered personal information, including your password, on a linked web page, please open a service ticket with the IT Service Desk at 309-677-2964.
IT Strategy, Governance, and Enterprise Architecture
The purpose of Data Governance is to establish and maintain quality of the University’s data by recommending standards and guidelines around the management of data, including classification, lifecycle and integrity of the data. Per policy 4.01.01 Procedures for Protected Data, the Data Governance Committee must be informed of all new uses or sharing of Protected Data that are not already cataloged in Data Categories and Roles. For a new use or sharing of Protected Data, create a Data Use Request packet in DocSoup, or contact David Scuffham, the chair of the Data Governance Committee, at 309-677-3041.