Mark Kerr: What threats does Queen’s face?

George Farah: Every year, we see thousands of attacks and that number is increasing. Queen’s and other universities are now facing a more diversified threat landscape that includes very determined and skilled hackers.

Organized cyber criminals are targeting large repositories of personal data for identity theft and other financial gain. These attacks threaten the availability, integrity and reliability of university systems and the intellectual property we handle.

MK: What can people do to limit the impact of the threats?

GF: One of the best things people can do is understand safe computing practices. We have posted on the ITServices website a list of 10 things they can incorporate into their daily activities to help protect their information and equipment.

As part of our awareness and education campaign, we are offering a new information security training course for staff, faculty and students. It is available online through Moodle so people can complete it at their desk on their own time. The course will give them information about the threats we face on campus and point to the key behaviours we encourage for safe computing.

MK: What is the purpose of the Electronic Information Security Policy Framework, which was adopted by the university earlier this year?

GF:  The three primary policies within the framework clearly outline the responsibilities staff, faculty and students have when it comes to preserving the integrity and reliability of the university’s IT infrastructure and the confidentiality of valuable or sensitive information. These policies are supported by standards and guidelines, which are like checklists that tell people what they need to do manage the various threat risks we face.

MK: Do individuals and units have to comply with the framework and guidelines right away?

GF: No, the intention is not to be compliant from day one. It’s a process through which ITServices will collaborate with IT partners across campus and provide the best support structure we can within our staffing means.

MK: What is Queen’s doing to help staff, faculty and student comply with the framework?

GF: The university is looking at different initiatives to provide support for key areas. One example is for encryption, which users must do if they are transporting sensitive information on a portable computer or device or sending that information to others electronically. When we started talking with the General Research Ethics Board and the Health Research Ethics Boards about encryption, we understood that some faculty members required assistance for that particular process. The ITServices Support Centre responded by offering free support for faculty, in addition to posting the instructions on our website. We are looking at these are the types of supports as we work toward compliance.

Visit www.queensu.ca/its for more information