Skip to content →

Cybersecurity

Image of a digital lock showing a connection to email, a fingerprint, a laptop and cloud storage

What is Cybersecurity

Cybersecurity in research is designed to bring together faculty, IT staff, and other appropriate experts to promote cutting-edge research into cybersecurity best practices and infuse the curriculum with lessons learned. It is a mix of “build it and they will come” and innovation through data-sharing partnerships. One example partnership would be BNIA (Bloomington Normal Innovation Alliance) but that has not gone too far just yet. Other partnerships would be with ISU researchers and the more forward focus of this group. 

Operational wise cybersecurity is also the processes, practices, procedures, and technology designed to protect data, programs, devices, and networks.  These are protected from attack, damage, and/or unauthorized access.  Cybersecurity is based around a triad known as C.I.A.: Confidentiality, Integrity, and Availability. Cybersecurity keeps information private, protects data from being altered, and ensures that authorized users can access their data freely. Cybersecurity is crucial to business and is ultimately an incarnation of risk management.

Mission

Cybersecurity’s mission is to protect the institution. Malware, ransomware, denial of service, or other threats to information technology results in a risk to the business and its data. For ISU, in particular, the mission of the Information Security Office is as follows and is taken directly from the ISO website:

“The mission of the ISO, is to assure the security of the University’s Information Technology (IT) resources including building a cyber-threat resilient University culture and promoting the existence of a safe computing environment in which the University community can teach and learn. To support this mission, the Information Security Office will develop processes, procedures, and policies for anything related to confidential information, individual privacy, and the University’s information assets.”

Projects And Meetings

ISU Projects

  • Multifactor Authentication (MFA)
    • Multifactor authentication is a huge win for the University community. The number one method of compromise some mention is as simple as “through the front door.” (Why hack a system with a complicated exploit if you can phish a user with access to the system and then simply log in to the system on the login page?) MFA is one of the best protections available for preventing user account compromises.
  • CIS Controls
    • The University is in the midst of a massive shift in how we apply configuration standards. A University-wide effort has begun to implement the CIS Controls: Learn more here as the configuration standard for University-managed systems. A unified configuration standard will harden University systems and processes to ensure we are more resilient to attack than ever before.

Bloomington-Normal Alliance Projects

  • Smart Cities
    • Smart Cities initiative to empower Bloomington-Normal to embrace technological innovation with smart development & policies rooted in connectivity, mobility, equity, and sustainability. 

Engagement

This would be case-by-case. At this time, there is no Cybersecurity RCAB engagement with BNIA (Bloomington-Normal Innovation Alliance).

Bloomington-Normal Innovation Alliance

The Alliance’s mission is to empower the Bloomington-Normal region to embrace innovation, bolstering local economies with smart development and policies rooted in connectivity, mobility, equity, and sustainability. This effort is a collaboration among Heartland Community College, Illinois Wesleyan and Illinois State Universities, McLean County, the City of Bloomington, the Town of Normal, the Economic Development Council, and the McLean County Chamber of Commerce.  

More Information Here! (ADD LINK)

ISU is a member of the alliance. All members collaborate on the initiatives they come up with. The Bloomington-Normal Innovation Alliance is not engaging ISU for direct protection. Rather, they work with ISU to discuss, design and plan projects in collaboration with ISU. This can range from technology and the partnerships ISU has with hardware and software vendors to providing advice on policy and standards to implement such technology securely. For now, it has been limited to discussing best practices, effective and efficient cybersecurity programs, and how to operate securely with limited resources. 

ISU is doing a non-research engagement through the RCAB Cybersecurity, we want to encourage the discussion with BNIA to consider risk assessment procedures to assess their cyber environments, identify gaps, and prioritize work to correct the work. 

Research Computing Advisory Board (RCAB) 

Illinois State University is “Lowering the Threshold for Faculty Research.” In partnership with Academic Affairs, Technology Solutions has a collaborative effort called the Research Computing Advisory Board. RCAB is comprised of faculty researchers to provide direction and oversight of the designated resources Technology Solutions makes available to support researchers at ISU. RCAB will ensure we align people, processes, and technology to enable researchers to focus on their work. 

The Research Computing Advisory Board provides direction and oversight of the designated resources Technology Solutions makes available to support researchers at ISU. The objectives of RCAB are to develop consensus for the needed services, manage those services, build skills, and create a community that supports campus research. These objectives will be the cornerstone for Technology Solutions to align the people, processes, and technology enabling researchers to focus on their specific work. Any approved sub-committees will have a complementary charter to RCAB’s efforts. 

Cybersecurity is an important priority to The Research Capability Advisory Board (RCAB). RCAB manages and informs users about their stored data and why the information is needed. this allows for clarity and any concerns the user may have when it comes to their privacy. RCAB is always adding new policies and making sure everything is up to date. For more information, Click Here 

The RCAB at Illinois State University aspires to connect with and support grant efforts of the Normal and Bloomington municipalities, Mclean County, and economic entities within those areas. It will work to create collaborative research efforts with Heartland Community College and Illinois Wesleyan University. It will also look to create communities in the State of Illinois under the auspices of the Illinois Innovation Network. Finally, it will look to create communities with other educational institutions in the wider United States. 

Center for Cybersecurity Research and Education – This center exists under the School of IT and supports work within the cybersecurity major. (Read more

Cyber Security in HPC, Infrastructure, and AR/VR

When discussing cybersecurity, it is important to acknowledge that security and privacy should be included in all systems by design regardless of the system’s role as infrastructure, an HPC, or another function. Cybersecurity principles may be applied differently to different systems, but there are many constants. Access controls need to be applied. Secure development and coding principles need to be followed. Access must be granted using the least privilege.

Software available to students/faculty/staff

Current software available to Students

Current software available to Faculty

Security Aspects Using Large Data Sets to Answer Complex Research Questions

The security aspects of using a large dataset come down to what types of data are being used.  The University has an established procedure (Found Here) that provides guidance for classifying and protecting data.  We use 3 classification levels: Highly Restricted, Restricted, and Unrestricted. The University protects data regardless of the data set size. A small number of social security numbers have the same legal protections as 1000 social security numbers. The classification and risk of the data drive the security controls for the data.  For Highly Restricted or Restricted data, safeguards need to be put in place that restricts access to data such that only authorized users may access it.  Unrestricted data can often be a public record.

Research Data Protection

The role cybersecurity plays in protecting research data depends on the research project and the type of data being collected or used.  At the University, the researchers themselves are usually responsible for their data.  The Information Security Office is a resource that can be used by researchers to assist with data security but is not ultimately responsible for that data usage.  In many cases, research projects or data collections require data management plans.  These are documents that spell out how data is stored, used, secured, and any other functions or tasks involving research data.  These plans may be a requirement of grant providers or contracts governing the data use.  When data management plans are implemented, the Information Security Office can assist to make sure the data is being handled as required in the plan.

Aspects Available Only to Faculty

In short, nothing.  Every member of the ISU community should participate in cybersecurity whether it be keeping your systems up to date or not sharing your passwords.  While unique job roles may have different responsibilities, different data, and different systems, the core concepts of cybersecurity apply in the same way to students and employees regardless of classification. However, the faculty will have some more unique challenges and experiences that differ from other employee populations.

For any questions contact…

Name: Craig Jackson

Email: cejack2@IllinoisState.edu

Phone: 309-438-9525

Skip to toolbar