New security schedules improve University’s security posture

Posted on Tuesday, March 2, 2021

Female with headset sitting in from on two computer monitors and typing on keyboard, additional monitors in background

Remote working leaves us all vulnerable to new cybersecurity threats and risks, so we must be increasingly diligent. To enhance overall security, the University’s Administration Committee approved the adoption of 15 new security schedules and the implementation of a risk exception process to improve standardization, guidance, and transparency around the use of technology. 

 

Are you doing your part to keep our community safe from cyber threats? The new security schedules are now in effect, we will be sharing more information about how these changes affect you throughout this year. In the meantime, it is up to the community to familiarize themselves with their content.  

 

Key changes 

The new schedules provide a framework following broad areas of technology use. All members of the uOttawa community have responsibilities related to the devices they use to conduct business (workstations, mobile phones, tablets) and around Information security and risk management. Management and IT staff have minimum requirements to meet for server management, and Access and Network management. View the full list of security policies and schedules

 

  • Information security and risk management 

These schedules outline the requirements relating to the management and protection of sensitive or critical information, security training for staff, and the protection of the University's IT assets. 

Schedule N - Clean Desk 

Schedule P - Information Security Risk Assessment 

Schedule S - Security Awareness and Training 

Schedule W - Vulnerability Scanning 

Schedule X - Web Application Security Assessment 

 

  • Access and network management 

These schedules provide guidance regarding the use and management of privileged access to IT Systems and Services, permitted authentication methods, and the security of the University's wireless network. 

Schedule L - Privileged Account Usage on End-User Devices 

Schedule M - Privileged Access to IT Systems and Services 

Schedule V - Multi-factor Authentication 

Schedule Y - Wireless Communication 

 

  • Management of workstations and printers 

If you use a workstation and/or printers owned or managed by the University of Ottawa, the new schedules outline hardware and software configurations, permitted uses, software installations, physical access, and protection of information. 

Schedule Q - Patch Management 

Schedule R - Printer Security 

Schedule U - Software Installation 

Schedule Z - Workstation Security 

 

  • Server management 

If you own or manage University of Ottawa servers, these schedules outline hardware and software configurations, and list minimum security requirements for servers. 

Schedule Q - Patch Management 

Schedule T - Server Security 

Schedule W - Vulnerability Scanning 

Schedule O - Generating and Maintaining System Logs 

 

 

Implementation 

These policies and schedules apply to all active systems and IT initiatives underway at the University. We are working with the community towards compliance for all University IT assets and practices. Your commitment towards these security schedules enhances our overall cybersecurity posture, resilience against cyberthreats and transparency around known risks. 

Information sessions will take place later this year. 

 

Questions and Comments 

The University is committed to enhanced security and the implementation of these new schedules. For any questions or comments, contact us through the IT Service Portal

Back to top