2023 Accreditation Submission

Technology Information Security Accomplishments

Policy and Procedures
ITS finalized BPPM additions including a system security plan, a security assessment procedure, and a risk assessment procedure, allowing business units to develop and implement technical resources that align with WSU security and privacy standards.

WSU now also requires all employees to complete annual cyber security awareness training, improving WSU’s defenses against social engineering attacks by educating on real-world security and privacy threats. Staff and students regularly assist in front line information security efforts by forwarding potentially malicious emails to ITS’ information security team for review.

Multi-Factor Authentication
Through a multi-phase implementation, multi-factor authentication (MFA) became a required security step for the university community to access most system academic and business resources. This industry-best tool dramatically reduced the threat posed by compromised passwords for the 30,000+ network authentications WSU averages each day.

Security Operations Center
WSU now employs security operations monitoring, detection, and mitigation capabilities system-wide, including the deployment of industry-leading endpoint detection and response which provides real-time monitoring and threat detection at the end-user level for more than 8,000 WSU servers, staff, and faculty.

Access Security
ITS completed a student information system (SIS) security role audit for over 10,000 employees, implementing an annual review to ensure robust security and access processes.

Email Protections
ITS implemented Domain-based Message Authentication Reporting and Conformance (DMARC), a form of email authentication that protects WSU users from online threats like spam or malware to all incoming and outgoing emails. ITS engaged with leadership across numerous departments university-wide to verify that DMARC implementation did not change email business processes. A significant security benefit, DMARC protects WSU’s identity and reputation by creating safer online connections.

Cyber Awareness Engagement
ITS introduced annual cyber awareness events including student engagement trivia and a cyber-security awareness summit that brings industry experts to WSU IT staff. ITS also continues to grow training and awareness opportunities through opt-in simulations and information security testing.