About
The Office of Information Security helps protect people and their information by identifying and managing risk. We develop information security strategy and work with the University community to set information security policies and priorities. We identify where new information security controls are needed or existing security controls can be improved, maintain awareness of information security trends, and communicate with the University advising on all things information security.
News
Even though National Cybersecurity Awareness Month has concluded, it is important to remain aware throughout the rest of the year. The computer-based security awareness training includes modules on Malware, Mobile Security, Passwords, Phishing, Physical Security, Third Party Websites, and Unintended Disclosures. To access the training, visit Canvas.
Data Governance
To establish and maintain quality of the University’s data by recommending standards and guidelines around the management of data, including classification, lifecycle and integrity of the data.
Everyone has access to the data they need, which is accurate and secure, while respecting the privacy rights of the data subject.
To review and recommend policies and procedures regarding the security, compliance, and management of the University’s data assets.
Data Governance shall apply to all Protected and Proprietary data as defined in the Data Classification Policy 4.01 currently located here. This shall apply to all employees and subcontractors who access said data.
The Data Governance Committee currently meets monthly.
|
VACANT |
Clery Compliance Coordinator |
|
Crystal Elliott |
Director of Human Resources |
|
Anthony Glass |
Academic Operations Specialist |
|
Jennifer Gruening Burge |
Director of Institutional Effectiveness |
|
Andreas Kindler |
Registrar |
|
Michael McCauley |
Business Relationship Manager |
|
Shawn McCollum |
Director of Admission Technology and Operations |
|
David Scuffham |
Chief Information Security Officer |
|
Karen Sorrel |
Human Resource Administrator |
|
John Steffen |
Analyst |
|
Nick Turner |
Database Administrator |
|
Jocelyn Watkins |
Title IX Coordinator |
|
Joseph Zwick |
Director of Advancement Services |
Service Catalog
Identity and Access Management
Password Checker enforces policy 6.01.01 Password Complexity and Change Frequency by querying passwords against a list of passwords that have been exposed in known data breaches. To validate if a password is allowed to be used for a BUnetID password or to check if a password has been exposed, visit Password Checker. To change or reset a password visit the Password Reset page.
Single Sign On provides authentication for multiple web applications, without the need for the applications to have access to users’ passwords. SSO for web applications hosted in the cloud also has the advantage of not requiring users to remember multiple passwords. To request a new Service Provider (SP) be added to Bradley’s SSO, please open a service ticket with the IT Service Desk at 309-677-2964.
Secure Computing
Encryption of Protected data in transit is required per policy 2.02 Secure Transit. Bradley University uses LeapFILE for secure sharing of files with outside entities who do not have a BUnetID. The Office of Information Security maintains a limited number of LeapFILE licenses that can be checked out. To request single, short term, or long term use of a LeapFILE license, please open a service ticket with the IT Service Desk at 309-677-2964.
Encryption of Protected data in transit is required per policy 2.02 Secure Transit. Information Security issues certificates from GlobalSign and also manages Bradley’s internal Certificate Authority (CA). The Office of Information Security prefers to manage the keys throughout their entire lifecycle, but you can also submit a Certificate Signing Request (CSR). ECC P-384 or RSA-2048 keys are the minimum key sizes allowed. To request a certificate please open a service ticket with the IT Service Desk at 309-677-2964.
The Office of Information Security maintains the configuration of DMARC, SPF, and DKIM DNS records to prevent spoofed email. Information Security works with departments who use third parties to send email on Bradley’s behalf to ensure the third party’s email platform is configured correctly. To request third party email delivery on behalf of bradley.edu, please open a service ticket with the IT Service Desk at 309-677-2964.
Security Consulting and Education
Security awareness training is hosted in Canvas.
Need Help? Questions about the content should be directed to the Office of Information Security at 309-677-3041. Technical questions should be directed to the IT Service Desk at 309-677-2964.
Security Incident Response (IR) and Investigation
If you are affected by ransomware, disconnect your device from the network (unplug your patch cable, disable wireless, enter airplane mode), disconnect removable media (hard drives, USB drives, SD cards, etc.), and leave your device on (do not shut it off nor reboot it). Please open a service ticket with the IT Service Desk at 309-677-2964.
Phisnet was created to be a central place to discuss phishing and view a curated list of phishing emails that have been caught by the Bradley community. It also contains a list of red flags to watch for in phishing emails and instructions to make it easier to report phishing emails. Please forward real or suspected phishing emails to [email protected]. If you have interacted with a scammer, opened an attachment within the phishing email, clicked on a link within the phishing email, or entered personal information, including your password, on a linked web page, please open a service ticket with the IT Service Desk at 309-677-2964.
IT Strategy, Governance, and Enterprise Architecture
The purpose of Data Governance is to establish and maintain quality of the University’s data by recommending standards and guidelines around the management of data, including classification, lifecycle and integrity of the data. Per policy 4.01.01 Procedures for Protected Data, the Data Governance Committee must be informed of all new uses or sharing of Protected Data that are not already cataloged in Data Categories and Roles. For a new use or sharing of Protected Data, create a Data Use Request packet in DocSoup, or contact David Scuffham, the chair of the Data Governance Committee, at 309-677-3041.
