Well-informed university community members are the most effective weapons against cybersecurity threats. Members who understand and accept their roles and responsibilities to protect digital assets are more vigilant against those threats and more likely to take appropriate steps to thwart them. As a result, OIT uses the following communication methods and collaborates with established teams to increase cybersecurity awareness in the campus community:
As each new or revised publication is launched (including PRRs, standards, procedures, and guidelines), it is important to make sure everyone on campus is aware of the content and that all departments and individuals understand their roles and responsibilities.
To achieve this level of awareness, OIT delivers the following communique:
- 3D memo — The Vice Chancellor for IT and CIO sends an email with a PDF attachment to all individuals on campus. This letter announces the new information, provides a high-level description of the contents and responsibilities and includes all relevant links.
- Presentations — OIT delivers both general and tailored presentations to campus departments and groups.
NOTE: Presentation materials are made available to groups that provide their own training.
The Cybersecurity Liaison program is a network of designated college and department/unit representatives who collaborate with OIT S&C to defend the university from cyber threats.
Mission: Maintain security of university digital assets by continuously identifying and addressing weaknesses in its cyber defenses. This team is empowered to address security incidents and compliance requirements at the college, division, or department/unit level in coordination with OIT S&C.
Cybersecurity Liaison Responsibilities
- Briefing local constituents on security issues
- Serving as ambassadors for security standards and best practices
- Recommending best practices to secure data within their organizations
- Assisting in classifying data within their organizations
- Reporting to OIT S&C any suspected breach or exposure of sensitive data
- Providing to OIT S&C any concerns about information security within their organizations
- Serving as Point of Contact (POC) for S&C-identified incidents
- Participating in periodic security training, briefings, and other events
University leadership (vice chancellors, vice provosts, deans, and directors) appoint at least one staff member to serve as their cybersecurity liaison. Additional representatives may be appointed at the department level based on the size and scope of the division or college.
As part of the university cybersecurity strategic plan, OIT S&C focuses on user cybersecurity awareness and training as a pivotal component of the overall cybersecurity program. The first strategic goal outlined in the plan is for NC State to “be a leader in higher education cybersecurity awareness.”
User cybersecurity awareness and training is a complex program designed to reduce the susceptibility of the university community to social engineering and other forms of cyberattacks. OIT S&C believes the best way to accomplish this objective is to partner with other campus units to develop the most effective awareness messages.
The Cybersecurity Awareness Team (CSAT) was created as a service group to assist S&C in delivering this crucial service to our university community. The CSAT was established to assist OIT S&C in achieving the awareness goals, objectives, and tactics outlined in the university cybersecurity strategic plan. The CSAT is also charged with providing logistical coordination and support of ongoing university cybersecurity awareness and training.
The CSAT addresses general cybersecurity awareness and role-based training university-wide.
General cybersecurity awareness training refers to end-user training regarding common data security risks, mitigation steps, and security tools available at NC State. This type of training is applicable to all individuals on campus.
Role-based security training targets individuals according to their specific roles within the institution — examples including faculty; researchers (faculty, staff, and students); IT support staff; all administrative staff; and so forth. Typically, this type of training is delivered as the result of a collaborative partnership between the CSAT and subject matter experts within appropriate business units.
Cybersecurity Awareness Months
The CSAT coordinates cybersecurity awareness activities throughout the year with the following annual events:
- Cybersecurity Awareness Month: NC State University observes Cybersecurity Awareness Month (CSAM) every year in October as part of the National Cybersecurity Awareness Month campaign — started by the National Cyber Security Division within the Department of Homeland Security and the nonprofit National Cyber Security Alliance. The campaign raises awareness about the importance of cybersecurity.
- Data Privacy Day/Month: January 28th is Data Privacy Day, which is recognized worldwide as an annual international effort to empower individuals and businesses to respect privacy, to safeguard data, and to facilitate trust. The Higher Education community celebrates Data Privacy Month (DPM) every year from January 28th through February 28th to spotlight ongoing data privacy issues.
See the CSAT Charter for additional information.
|Information Security Program at NC State||Policies, Regulations & Rules (PRRs)||N/A (The End)|