Sending sensitive data via email is dangerous — and UAB IT is implementing new methods to help prevent students, faculty and staff from sending information they might regret.

Beginning March 3, UAB IT will implement a new system to help prevent credit card information from being transmitted via email. In the first phase, UAB IT's information security team will be notified of attempts to send a credit card number from a UAB email account.

During the next phase, you will see a popup policy tip advising you that sending such information violates UAB policy.

The popup policy tip will say: "The content of this email conflicts with UAB Policy regarding unsecured transmission of credit card information. If you do not resolve this conflict, this email may be blocked. Please refer to the UAB payment card policies and handbook."

When UAB IT introduces the policy tip warnings, emails will not be blocked from being sent yet. But emails that appear to include credit card information will eventually be blocked — both in incoming and outgoing emails.

"Our goal is to create a safer environment for UAB students, faculty and staff and to protect their personal and financial information," said Brian Rivers, assistant vice president and chief information security officer.

In the future, UAB IT will add more policy tips and preventive measures to protect sensitive information — including Social Security numbers — from being transmitted via email.

We all like to travel with our mobile devices (smartphones, laptops, or tablets) — whether it’s to the coffee shop around the corner or to a café in Paris. These devices make it easy for us to stay connected while on the go, but they can also store a lot of information — including contacts, photos, videos, location, and other personal and financial data — about ourselves and our friends and family. Following are some ways to protect yourself and others.

Before you go:

  • If possible, do not take your work or personal devices with you on international trips. If you do, remove or encrypt any confidential data.
  • For international travel, consider using temporary devices, such as an inexpensive laptop and a prepaid cell phone purchased specifically for travel. (For business travel, your employer may have specific policies about device use and traveling abroad.)
  • Install a device finder or manager on your mobile device in case it is lost or stolen. Make sure 
    it has remote wipe capabilities and that you know how to do a remote wipe.
  • Ensure that any device with an operating system and software is fully patched and up-to-date with security software.
  • Makes copies of your travel documents and any credit cards you’re taking with you. Leave the copies with a trusted friend, in case the items are lost or stolen.
  • Keep prying eyes out! Use strong passwords, passcodes, or smart-phone touch ID to lock and protect your devices.
  • Avoid posting social media announcements about your travel plans; such announcements make you an easy target for thieves. Wait until you’re home to post your photos or share details about your trip.

While you’re there:

  • Physically protect yourself, your devices, and any identification documents (especially your passport).
  • Don’t use an ATM unless you have no other option; instead, work with a teller inside the bank. If you must use an ATM, only do so during daylight hours and ask a friend to watch your back. Also check the ATM for any skimming devices, and use your hand to cover the number pad as you enter your PIN.
  • It’s hard to resist sharing photos or telling friends and family about your adventures, but it’s best to wait to post about your trip on social media until you return home.
  • Never use the computers available in public areas, hotel business centers, or cyber cafés since they may be loaded with keyloggers and malware. If you use a device belonging to other travelers, colleagues, or friends, do not log in to e-mail or any sensitive accounts.
  • Be careful when using public wireless networks or Wi-Fi hotspots; they’re not secure, so anyone could potentially see what you’re doing on your computer or mobile device while you’re connected.
  • Disable Wi-Fi and Bluetooth when not in use. Some stores and other locations search for devices with Wi-Fi or Bluetooth enabled to track your movements when you’re within range.
  • Keep your devices with you at all times during your travels. Do not assume they will be safe in your hotel room or in a hotel safe.

When you return:

  • Change any and all passwords you may have used abroad.
  • Run full antivirus scans on your devices.
  • If you used a credit card while traveling, check your monthly statements for any discrepancies for at least one year after you return.
  • If you downloaded any apps specifically for your trip and no longer need them, be sure to delete those apps and the associated data.
  • Post all of your photos on social media and enjoy reliving the experience!

 

Desktop install

A new grant to help prepare the Birmingham area workforce for new IT jobs got a helping hand last month from UAB IT.

Staff members from the department’s Desktop Services helped install computers at Innovation Depot to prepare for the first cohort of future IT professionals to participate in training as part of the Innovate Birmingham program.

The Innovate Birmingham initiative is a result of the Innovate Birmingham Workforce Partnership, a coalition of more than a dozen regional leaders, receiving nearly $6 million from the Department of Labor and Training Administration’s America’s Promise Grant. UAB served as the lead partner and fiscal agent for the consortium. Other partners include the City of Birmingham, TechBirmingham, the Dannon Project and Innovation Depot.

“Assisting with this project is part of our initiative to grow the community of information technology excellence in our community and beyond,” said Dr. Curtis A. Carver Jr., vice president and CIO.

The America’s Promise grant was awarded to community, business, and education leaders who are committed to fostering economic growth for the region and offering better opportunities for young adults. The grant will train nearly 1,000 people aged 17-26 and transition them into high-paying jobs in the IT sector. The partnership has secured support from 27 regional employers. This will establish a sustainable pipeline of talent in Birmingham to fuel inclusive innovation for local employers, meeting IT workforce demand for the region by offering demand-driven education, training and employment opportunities for area youth who are disconnected from the labor market. The training and education program will co-locate job-seekers with job-creators in the heart of the newly formed Innovation District by providing space for training at the Innovation Depot. Grant activities began January 1, 2017 with intent to begin training this spring.

“This award represents the commitment and collaboration of Birmingham’s top leaders in government, industry and academia to form the partnerships that enable our young people to obtain the skills they need to land good jobs in the city,” said Josh Carpenter, director of external affairs for UAB.
Protecting UAB data — from personal health and financial information to top-notch research — is one of the most important responsibilities at the University.

UAB’s Data Protection Rule establishes roles and responsibilities for those individuals and groups who will safeguard and use UAB data.

UAB IT and UAB Health System officials worked together to develop the Data Classification Rule, which has three levels of data: public, sensitive and restricted/PHI (personal health information).

The accompanying Data Protection Rule establishes six specific roles for those protecting institutional data.

“While the people with the most accountability for securing University data are in leadership and information technology, all of us at UAB have a responsibility to safeguard our data according to the proposed classification standard,” said Brian Rivers, assistant vice president and chief information officer. “That responsibility protects the university and the individuals who work here and attend school here.”

Data stewards

Data stewards have administrative control and are officially accountable for a specific information set. Examples include the vice president of Financial Affairs and Administration; the vice president for Research and Economic Development; deans and department chairmen overseeing data from their respective academic areas; and hospital managers or directors and vice presidents overseeing data from their respective clinic areas.

Data custodians

Data custodians safeguard the data on behalf of the data steward. While data stewards are ultimately responsible for the security of data, data custodians ensure the security controls are in place. UAB’s central Information Technology units (UAB IT) will be responsible for protecting all institutional data maintained and stored in the institutional information systems. UAB Health Services Information Services (HSIS) will be responsible for protecting all Health System data maintained and stored in the institutional information systems.

UAB Information Security

Members of the UAB IT and UAB Health System information security teams are responsible for developing and implementing the information security program, as well as the supporting data security and protection policies and procedures.

Departmental security administrators

Each unit or department senior manager will choose one DSA to act as a liaison with the UAB Information Security team. DSAs oversee information security responsibilities for the departments, including security awareness and security incident response.

System administrators

System administrators in UAB IT, HSIS and school/department units who are responsible for day-to-day maintenance of information systems are responsible for following data security protection procedures and practices.

Data users

Data users refers to individuals authorized to access UAB data and who are responsible for protecting information assets on a daily basis through adherence to UAB policies.
UAB IT Research Computing will hold its spring HPC User Forum on Wednesday, Feb. 8.

The event will be held from 1 to 2:30 p.m. in Ballroom C at the Hill Student Center.

UAB IT Research Computing aims to conduct two user forums through the year (spring and fall) to update the HPC user community on the status of the HPC system, the organization, planned upgrades, policy changes, and to receive feedback from users in order to improve delivery of HPC services and support to the community.

With UAB's last HPC upgrade in fall 2016, UAB IT now has more than 2,300 additional compute cores and 6 petabytes of storage available to help researchers analyze and manage data and UAB aims to grow the compute, storage and network fabrics to support research needs on Campus.

Please register to attend the HPC user forum here.
uab app spark 690x500

What could be added to the UAB app to make your life on campus easier?

UAB wants to hear your ideas for the new UAB app, which launched last fall and is designed to help students, staff and guests get around campus, get hired and get things done.

A new SPARK campaign seeks ideas from students, faculty and staff about what features to add to the app to make it more functional for everyone on campus.

Just log in to the SPARK campaign, submit your idea, or vote or comment on other ideas.

Those ideas that rise to the top in voting will likely get priority as the development of the app continues.

The UAB app already includes a campus map, directory and news and sports headlines; integrations with Canvas and BlazerNET, and links to IT services, Hill Center hours, campus dining and more.

Future plans include adding integrations for the B-Sync calendar and checking your OneCard balance.

Potential new features include academic adviser scheduling, functionality to move or remove tiles, and making tuition payments, as well as registration for events or classroom attendance.

What would you like to see in the app? Laundry or printer availability? A parking map? Library services?
A proposed data classification system for UAB will make it easier for faculty, staff and researchers to determine how best to keep University data safe.

UAB IT has worked closely with information security officials from UAB Health System to develop the proposed classification system.

Data Classification Levels

The new system proposes three levels of data: public, sensitive and restricted/PHI.

“Much of the University data covered by the sensitive and restricted levels is already regulated by law or contract,” said Brian Rivers, assistant vice president and chief information officer. “This proposed standard should help employees determine the best level of protection for the data they use.”

Public data

Public data is data that can be disclosed to the general public without harm. Examples of public data include phone directory information, course catalogs, public research findings, enrollment figures, public web sites, general benefits data, press releases, newsletters and other similar information.

Sensitive data

Sensitive data is data that should be kept confidential, with access requiring authorization or legitimate need-to-know involvement. Examples of sensitive data include FERPA information, budgetary plans, internal communications, proprietary business plans, patent pending information, export controls information and data protected by law.

Restricted/PHI data

Restricted/PHI data is sensitive data that is highly confidential in nature, and carries significant risk from unauthorized access. Privacy and security controls are typically required by law or contract for this data. Examples include Social Security numbers, credit card numbers (PCI), personally identified information, protected health information, Graham-Leach-Bliley Act (GLBA) data, export controlled data, FISMA regulated data, login credentials, and information protected by non-disclosure agreements.

The proposed policy also establishes roles and responsibilities for protecting institutional data.


UAB’s new supercomputer “worked like magic” as University professor Dr. Hassan Fathallah-Shaykh participated in a world-wide competition to evaluate MRI images of the brain.

Fathallah-Shaykh, a professor in UAB’s Departments of Neurology, Mathematics, Integrative, Developmental and Cell Biology, Biomedical, and Electrical Engineering won the 2016 BRATS Competition in Athens, Greece.

BRATS is short for Multimodal Brain Tumor Image Segmentation Challenge. Dr. Fathallah-Shaykh’s team, along with fellow Blazer biomedical Engineering graduate student Fabio Raman, tied with two other groups to top the field of 19. The use of UAB’s new supercomputer helped to separate Dr. Fathallah-Shaykh from the rest of the field, he said.

Last year, UAB IT installed the fastest supercomputer in the state — and one of the fastest in the Southeast. UAB increased computing speed for researchers from 10 teraflops to 110 teraflops, and increased storage from 0.7 petabytes to nearly 7 petabytes.

“The supercomputer worked like magic, without any glitches. It is evident that I would not have been able to compete without the supercomputer resource,” he said.

The BRATS Challenge consisted of the MRIs of 191 brain tumor patients diagnosed with low and high grade gliomas in different parts of the brain before and after surgery. Teams were tasked with determining the location of the segments of each MRI image that include enhancing tumor, FLAIR signal changes, necrosis, and tumor core, if any.

Dr. Fathallah-Shaykh’s method was the only method that was interactive, semi-automated and did not use statistical learning or neural networks.  It is designed such that the user can easily check the results and easily make modifications, if needed.

The method consists of two parts, and Fathallah-Shaykh used UAB’s research computer Cheaha to run first part of this process, which was the segmentation with NMF-LSM (Non-Negative Matrix Factorization and modified Level Set Method). He was granted 265 processors; all calculations were competed in about 12 hours — a process that without the supercomputer would have taken days to perform.

The performance of Dr. Fathallah-Shaykh and his team with the use of the supercomputer is a further sign that UAB’s “investment in research computing is paying off. UAB IT is committed to giving our researchers and faculty world-class technology, so that they can innovate and change the world," said Curt Carver, UAB’s VP of Information Technology.  
AskIT photo

New training techniques and a partnership with a leading technical support vendor are helping UAB IT improve its customer service goals in the AskIT help desk.

UAB IT has made a pledge to the university community to support their mission as a world-class educational and research institution. UAB IT leadership — including Vice President and CIO Dr. Curtis A. Carver Jr. — have been working in the help desk for months to build on improvements.

To make the mission of delivering world-class IT support to UAB faculty staff and students a reality, Jason Johnson, associate director for AskIT, has been put in place concrete steps to achieve this goal.

The first step is training and ensuring the AskIT Help Desk returns to the basics of the customer experience by focusing on training consistency and accuracy.

“Giving the Help Desk basic training for soft skills, customer service and guidance on how to handle tickets will ensure the team is consistent with each customer contact,” Johnson said.

In conjunction with these training plans, AskIT will also develop a standard skill level. They have also partnered with HDI, a renowned leader in the technical support industry, to deliver a blend of customer support, communications and problem solving to AskIT employees.

A constant need for the UAB campus is the dependence on technology and the expectation that issues should be resolved as efficiently as possible. AskIT is working on building up the staff to support the UAB administration, faculty, staff and students in order to handle the 10,000-12,000 requests and issues they receive on a monthly basis. 
UAB IT’s new firewall posture — known as “default-deny” — has significantly reduced potential outside attacks on the UAB network.

The new posture, “default-deny,” is a best practice for enterprise environments protect the campus community and better screen out unwanted or unexpected network activity. 

UAB’s attack surface has now dwindled from about 100,000 IP addresses to a little more than 2,100. Of those, most are publicly accessible web services or applications needed for University business, academic resources, collaboration or research.

This success of the new default-deny project is a result of co-authorship and partnership with IT professionals across campus.

The change does not impact any servers or services located within the UAB Health System network, as HSIS utilizes the default-deny firewall policy for their network segment.

If you have any specific technical questions, feel free to contact the Enterprise Information Security staff at 975-0842 or via email at datasecurity@uab.edu.