CEP was initiated by the Executive Leadership Team in February 2024 to address the 4 major security gaps found in the 2023 Oculus IT and Protiviti audit. These gaps were identified as the most likely to occur and as having the greatest impact.
Goal: The outcome of this project will prevent data from leaving our digital environment, whether unintentionally or intentionally.
Who is impacted: All individuals (faculty, staff, students, guests). Anyone who has access to or receives Trinity-owned data.
Significant progress was made regarding data leakage prevention.
Trinity purchased a tool that allows the University to identify when sensitive information is removed from the network via USB.
The CEP steering committee approved our 2025 path forward.
What to expect in 2025:
ITS will coordinate with faculty and staff to install the tool on network devices.
You will not be prevented from using a USB or saving the file(s). However, you will receive a message to ensure you’re notified of the risk.
Be on the lookout for communication in 2025.
What is not changing:
Faculty members who share research data externally will still be able to do so; however, there will be a layer of authentication for the recipients of that data. Specific details are still in progress.
This project is not intended to interfere with academics or curriculum. This project aims to ensure secure access to Trinity's data, prohibiting storage on personal accounts or devices like personal Dropbox or Google-suite accounts.
What is changing:
Trinity will implement safeguards to prevent Trinity-owned (sensitive) data from leaving our environment. Examples include student records, social security numbers, and health information.
How data is shared will change to ensure this is done safely - details are still being determined.
Trinity-owned data will no longer be able to be stored in personal accounts or devices, e.g., personal Dropbox, personal devices, and personal G-suite.
Project Manager: Art de los Santos
Goal: Trinity will secure all devices that access the Trinity network and Trinity-owned data to ensure that if there is a data breach, there is minimal impact.
Who is impacted: All individuals (faculty, staff, students, guests) who access (or want to gain access to) the Trinity network.
This is a behind-the-scenes project to help ensure our “house” isn’t broken into.
The University moved to "role-based" access where any devices that connect to the Trinity network will need to authenticate and will be assigned the appropriate level of access. Examples: a) A staff member in Finance will not have access to files in the English Department. b) Academic department devices will only be accessible to members of that department.
What to expect in 2025:
Personally owned devices will require a web browser guest login or registration. Example: When you are using your personal cell phone and want to send an email through Tmail, you will be required to log in and authenticate. The same process applies if you plug in your laptop on campus.
What is not changing:
The access you have on-campus using TUSecure and the access you have from home using your Trinity credentials will be the same. Examples are Tmail, Workday, Canvas, and Google Drive.
TUSecure and TUGuest will still be available, with TUGuest being restricted to internet browsing, similar to the level of permission granted when using the public wifi at an airport or restaurant.
What is changing:
The University will move to "role-based" access where any devices that connect to the Trinity network will need to authenticate and will be assigned the appropriate level of access.
Personally owned devices will require a web browser guest login or registration. Example: When you are using your personal cell phone and want to send an email through Tmail, you will be required to log in and authenticate. The same process applies if you plug in your laptop on campus.
Project Manager: Gerno Reinard
Goal: This project will securely and positively identify (authenticate) and allow correct access (authorization) to resources and data.
Who is impacted: All individuals (faculty, staff, students, guests) who access (or want to gain access to) the Trinity network. The file scan will only impact faculty and staff. Student files will not be scanned at this time.
The focus was on improving multi-factor authentication.
As a result, DUO changed to better identify security risks. You may have noticed being asked to input a “6-digit code” versus “push to accept.”
An Access Review Policy has been drafted and will be under review.
What to expect in 2025:
Recalling a house analogy, Trinity needs to make sure our valuables are in a secure location. In 2025, ITS and CEP teams will work with faculty and staff to sort the items in our “house” so you know where to store different types of documents and other data.
The team anticipates seeking steering committee approval and implementing a revised Access Review Policy.
What to expect
Trinity purchased an automated tool that looks for patterns in Trinity's data and flags it for high-risk security gaps, e.g., social security numbers, health information, personnel records, and financial data. The purpose of the file scan is to identify what sensitive data Trinity has and where it is located. A University-wide file scan will be performed in late Summer 2024.
The results of the University-wide file scan will help determine how much sensitive data we have, where it is stored, who has access, and what needs to be done to manage access to this data.
What is changing
A process will be put in place to request access to Trinity-owned data. Trinity-owned data means any data stored on the Trinity network or associated with a Trinity.edu Tmail account.
Project Manager: Wes Gordon
Goal: Trinity must minimize the impact and consequences of a successful attack, breach, or compromise of data. The data management project aims to discover where all our sensitive data is and assist the campus community in migrating such data to a secure location.
What do we mean by regulatory-restricted (or sensitive) data?
Examples of this type of data include student record data, personnel records, financial data, and health information.
Why is this a priority
Cyberattacks continue to rise and the largest increase per industry has been in the education sector. This trend has triggered a tightening of security compliance by the laws and regulations that blanket higher education.
Who is impacted
Trinity employees (faculty, staff, student workers, contractors, vendors, etc.) who maintain or who have access to regulatory-restricted data on their endpoints, servers and/or systems (USB & External Storage Devices, desktop computers, laptops, Tmail, Google Drive, OneDrive, etc.). This includes the data that is accessible via TU-owned and/or personally-owned devices.
For example: If regulatory-restricted data is located on your device or file storage, you will be required to either delete, archive, or migrate this to an approved storage location (to be determined).
The focus was on the University-wide file scan.
Trinity purchased an automated tool that looks for patterns in Trinity's data and flags it for high-risk security gaps, e.g., social security numbers, health information, personnel records, and financial data.
No action is required unless you are notified.
What to expect
Trinity will acquire data management tools that will give us the ability to scan the network and computing environment for sensitive and regulatory-restricted data, e.g., HIPAA, FERPA, GDPR, etc.
The project will consist of multiple phases including data discovery (scanning), data inventory, data cleanup, data classification, and data management.
Sensitive data will be detected and classified for greater auditing and monitoring capabilities.
The data scanning tool will actively monitor real-time activity for any irregularities or mishandling of sensitive data.
People will be required to store regulatory-restricted data in secure locations only so we can leverage enhanced security protection. For example: If you try to email Social Security Numbers through Tmail, you may be unable to send this email.
What is not changing
Trinity University’s commitment to providing a safe and secure environment.
Trinity's institutional obligation to protect and report on sensitive data under various laws and regulations.
What is changing
The University acquired improved capabilities to achieve compliance by monitoring, auditing, and protecting sensitive data.
We will have an improved capability to help enforce data retention policies throughout our digital footprint.
Project Manager: Brian Cornell