2020-2024 Information Technology Strategic Plan for Auburn University
"To effectively defend the campus technology environment, everyone must take responsibility for cybersecurity, and everyone must help protect Auburn’s valuable resources."
Auburn’s Cybersecurity strategy is, quite simply: Make Intrusion Difficult; Detect Quickly; React Effectively; Minimize Impact.
Auburn experiences cyber-based threats each and every day. The university is an increasingly important target for the theft of intellectual property, malicious damage to core infrastructure, and disruption of campus operations. Threats are perpetrated by Advanced Persistent Threats (APT) sponsored by nation states committed to stealing intellectual property or undermining American national security. There are also individual actors seeking financial gain or simply trying to feed their egos by creating as much chaos as possible. Auburn is ever vigilant in protecting the university. Auburn meets the threat by adopting the “defense in depth” philosophy. To combat phishing and social engineering Auburn blocks an average of 100 million malicious emails per month representing eighty-five percent (85%) of all inbound email. Viruses and other intrusion attempts are filtered through firewalls at multiple levels. From April through December 2018, Auburn’s firewalls blocked 40.5 million intrusion attempts. The threat has increased. In the first seven months of 2019, campus firewalls blocked 26.8 million attempts making the total projected attempts in excess of 45M by the end of 2019.
No matter how vigilant we are, it is no longer a matter of if we will be “hit” or even when we will be “hit”. It’s really a matter of when we will be hit again. The staff members tasked with protecting the university must maintain an impenetrable defense 100% of the time, while those with malicious intent need only find one vulnerability in a million attempts. To effectively defend the campus technology environment, everyone must take responsibility for cybersecurity, and everyone must help protect Auburn’s valuable resources.
Auburn’s strategic goals for Cybersecurity address ways to make intrusion attempts as difficult and as ineffective as possible. If intrusion does occur, Auburn must identify threats quickly, isolate and remove the threats, and minimize the impact on campus constituents.
Sub-goals Supporting Cybersecurity
- 3.1 Cybersecurity policy and strategy is updated regularly to provide a reasonable balance between risk, cost, and benefit. Thoughtful, technologically current cyber policy guides management’s cost/benefit decisions needed to balance the cost of protecting the enterprise with the potential loss of intellectual property, reputational harm caused by an intrusion, and impact of stolen personal data on the campus community. On a monthly basis, Auburn’s Chief Information Security Officer will continue to prepare a risk assessment used by the CIO to assess effectiveness, revise cyber policy, and adjust long and short term investments.
- 3.2. Cybersecurity is everyone’s responsibility. By Spring 2020, all faculty, staff, researchers, extension professionals, and affiliates will be required to complete annual security training focused on current threats
- 3.3. The Auburn Security Operation Center (SOC), working with campus units, will proactively search for threats to campus systems, thoroughly assess impact, and work with constituents to mitigate impact and risk. The SOC became operational in Fall 2019 and will continue to refine processes.
- 3.4. Auburn’s core infrastructure will be redesigned to improve security and resilience, taking advantage of both on-premises and cloud options. Redesign will be completed by the end of FY2022.
- 3.5 By the end of CY2019 all campus units will be fully compliant with campus Cybersecurity standards. Unit heads will be kept informed of changes in policy and standards by their internal technology teams. Corrective actions will be taken quickly to remedy non-compliant environments.
Corresponding Goals from the Auburn University Strategic Plan:
Last Updated: February 25, 2020