Incident Management

Since 2005, UB has been classifying and tracking information security incidents. UB's Information Security Office works to minimize the damage from each compromise. As the office builds awareness among UB students, faculty and staff, the number of compromised accounts continues to drop.

Some incident management milestones for UB have been:

  • UB is a member of REN-ISAC
  • Building out our Splunk infrastructure to assist with event information

Our REN-ISAC membership keeps the Information Security Office informed about compromises that the University otherwise wouldn’t be aware of; there are a variety of compromises that are generally detectable only at remote ends. For example, botnet compromises would go largely undetected without a relationship with REN-ISAC. The information sharing and trust relationships that come with UB’s membership have allowed us to better secure our infrastructure.

Progress Made

Measures taken by the Information Security Office to combat phishing and account compromises:

  • Continue documenting and communicating phishing messages that specifically target UB -- i.e. they claim to come from "UB Mail Team," "UB Account Security Team" or some variation.
  • Reporting phishing sites referenced in messages sent to UB students, faculty or staff, whether those messages target UB or not, to the responsible site owner and ISP.
  • In the process of implementing multi-factor University-wide authentication for most services.
  • The Information Security Office worked with ITCE to create security-related videos for new employee orientation.
  • Regularly utilizing additional features of UB's next-generation firewall technology to block dangerous URLs and scan email attachments for infected files at the border.
  • Regularly revise advice given by the UBIT Help Center to students, faculty and staff who have been compromised more than once.
  • Purchased 1,500 seats of a third-party security awareness training package, added to the CIO new hire training. This software is also available to IT Node Directors.
  • Require that VPN users authenticate before being able to send email.
  • Work regularly with ITCE to advise the University community of significant threats, as well as to promote security awareness topics.
  • UB became a Champion for both National Cyber Security Awareness Month and Data Privacy Day.