February 10, 2017

Security tips

  • Use a unique password for each site. Hackers often use previously coampromised information to access other sites. Choosing unique passwords keeps that risk to a minimum.
  • Use a password manager. Using an encrypted password manager to store your passwords makes it easy to access and use a unique password for each site.
  • Know what you are sharing. Check the privacy settings on all of your social media accounts; some even include a wizard to walk you through the settings. Always be cautious about what you post publicly.
  • Guard your date of birth and telephone number. These are key pieces of information used for verification, and you should not share them publicly. If an online service or site asks you to share this critical information, consider whether it is important enough to warrant it.
  • Keep your work and personal presences separate. Your employer has the right to access your e-mail account, so you should use an outside service for private e-mails. This also helps you ensure uninterrupted access to your private e-mail and other services if you switch employers.
  • There are no true secrets online. Use the postcard or billboard test: Would you be comfortable with everyone reading a message or post? If not, don't share it.
  • Read your credit card, bank, and pay statements carefully each month. Look for unusual or unexpected transactions. Remember also to review recurring bill charges and other important personal account information.
  • Review your health insurance plan statements and claims. Look for unusual or unexpected transactions.
  • Shred it! Shred any documents with personal, financial, or medical information before you throw them away.
  • Take advantage of free annual credit reports. In the US, the three major credit reporting agencies provide a free credit report once a year upon request.
  • If a request for your personal info doesn’t feel right, do not feel obligated to respond! Legitimate companies won’t ask for personal information such as your social security number, password, or account number in a pop-up ad, e-mail, text, or unsolicited phone call.
  • Limit the personal information you share on social media. Also, check your privacy settings every time you update an application or operating system (or at least every few months).
  • Put a password on it. Protect your online accounts and mobile devices with strong, unique passwords or passphrases.
  • Limit use of public Wi-Fi. Be careful when using free Wi-Fi, which may not be secure. Consider waiting to access online banking information or other sensitive accounts until you are at home.
  • Secure your devices. Encrypt your hard drive, use a VPN, and ensure that your systems, apps, antivirus software, and plug-ins are up-to-date.
  • Secure your devices with a strong password, pattern, or biometric authentication. Check the settings for each device to enable a screen-lock option. For home routers, reset the default password with a strong one.
  • Install anti-malware. Some software includes features that let you do automatic backups and track your device.
  • Check your Bluetooth and GPS access. Disable these settings on all devices when not needed and avoid using them in public areas.
  • Update your devices often. Install operating system and application updates when they become available.
  • Review phone apps regularly. Remove any apps you don’t use. Be selective when buying or installing new apps. Install only those from trusted sources and avoid any that ask for unnecessary access to your personal information.
  • Treat devices like cash! Don’t let your devices out of your sight or grasp. Maintain physical control of your device in public areas. Get a lock (alarmed is best) for your laptop and use it.
  • Keep it sunny in the cloud. Whether using Google Drive, Dropbox, OneDrive, iCloud, Amazon Drive, or any of the many cloud options, set privacy restrictions on your files to share them only with those you intend. Protect access to your cloud drive with two-factor authentication.
  • Create a secure wireless network. Configure your wireless router to protect your bandwidth, identifiable information, and personal computer. Secure it with proper set up and placement, router configuration, and a unique password, using the strongest encryption option. See http://www.wi-fi.org/ for more tips.
  • Protect your Internet of Things (IoT) devices. Are you sharing your livestreaming nanny cam with the world? Review privacy settings for all Internet-ready devices before connecting them to the web.
  • Always: Use a unique password for each account so one compromised password does not put all of your accounts at risk of takeover.
  • Good: A good password is 10 or more characters in length, with a combination of uppercase and lowercase letters, plus numbers and/or symbols — such as pAMPh$3let. Complex passwords can be challenging to remember for even one site, let alone using multiple passwords for multiple sites; strong passwords are also difficult to type on a smartphone keyboard (for an easy password management option, see “best” below).
  • Better: A passphrase uses a combination of words to achieve a length of 20 or more characters. That additional length makes its exponentially harder for hackers to crack, yet a passphrase is easier for you to remember and more natural to type. To create a passphrase, generate four or more random words from a dictionary, mix in uppercase letters, and add a number or symbol to make it even stronger — such as rubbishconsiderGREENSwim$3. You’ll still find it challenging to remember multiple passphrases, though, so read on.
  • Best: The strongest passwords are created by password managers — software that generates and keeps track of complex and unique passwords for all of your accounts. All you need to remember is one complex password or passphrase to access your password manager. With a password manager, you can look up passwords when you need them, copy and paste from the vault, or use functionality within the software to log you in automatically. Best practice is to add two-step verification to your password manager account. Keep reading!
  • Step it up! When you use two-step verification (a.k.a., two-factor authentication or login approval), a stolen password doesn’t result in a stolen account. Anytime your account is logged into from a new device, you receive an authorization check on your smartphone or other registered device. Without that second piece, a password thief can’t get into your account. It’s the single best way to protect your account from cybercriminals.
  • If possible, do not take your work or personal devices with you on international trips. If you do, remove or encrypt any confidential data.
  • For international travel, consider using temporary devices, such as an inexpensive laptop and a prepaid cell phone purchased specifically for travel. (For business travel, your employer may have specific policies about device use and traveling abroad.)
  • Install a device finder or manager on your mobile device in case it is lost or stolen. Make sure
    it has remote wipe capabilities and that you know how to do a remote wipe.
  • Ensure that any device with an operating system and software is fully patched and up-to-date with security software.
  • Makes copies of your travel documents and any credit cards you’re taking with you. Leave the copies with a trusted friend, in case the items are lost or stolen.
  • Keep prying eyes out! Use strong passwords, passcodes, or smart-phone touch ID to lock and protect your devices.
  • Avoid posting social media announcements about your travel plans; such announcements make you an easy target for thieves. Wait until you’re home to post your photos or share details about your trip.
  • Fortify each online account or device. Enable the strongest authentication tools available. This might include biometrics, security keys, or unique one-time codes sent to your mobile device. Usernames and passwords are not enough to protect key accounts such as e-mail, banking, and social media.
  • Keep a clean machine. Make sure all software on Internet-connected devices — including PCs, laptops, smartphones, and tablets — are updated regularly to reduce the risk of malware infection.
  • Personal information is like money. Value it. Protect it. Information about you, such as purchase history or location, has value — just like money. Be thoughtful about who receives that information and how it’s collected by apps or websites.
  • When in doubt, throw it out. Cybercriminals often use links to try to steal your personal information. Even if you know the source, if something looks suspicious, delete it.
  • Share with care. Think before posting about yourself and others online. Consider what a post reveals, who might see it, and how it could be perceived now and in the future.
  • Own your online presence. Set the privacy and security settings on websites to your comfort level for information sharing. It’s okay to limit how and with whom you share information.
  • Identity thieves. Cybercriminals need only a few pieces of information to gain access to your financial resources. Phone numbers, addresses, names, and other personal information can be harvested easily from social networking sites and used for identity theft. Cybercrime attacks have moved to social media, because that’s where cybercriminals get their greatest return on investment.
  • Online predators. Are your friends interested in seeing your class schedule online? Well, sex offenders or other criminals could be as well. Knowing your schedule and your whereabouts can make it very easy for someone to victimize you, whether it’s breaking in while you’re gone or attacking you while you’re out.
  • Employers. Most employers investigate applicants and current employees through social networking sites and/or search engines. What you post online could put you in a negative light to prospective or current employers, especially if your profile picture features you doing something questionable or “less than clever.” Think before you post a compromising picture or inflammatory status. (And stay out of online political and religious discussions!)
February 07, 2017

UABSecure

UAB students, employees and faculty members should use this secure network. Users must have a valid BlazerID and password, and have their WiFi device properly configured for this network. Instructions for configuring a WiFi device for UABSecure are listed below.

Manual setup instructions for UABSecure

OSX 10.9

Windows 7

Windows 8

Windows 10

University of Alabama at Birmingham

DATA PROTECTION AND SECURITY POLICY

TBD

Related Policies, Procedures, and Resources

Data Classification Rule

1.0 Introduction

UAB electronic information assets (data) must be protected and maintained in accordance with all applicable federal and state laws and university policies. The intent of this policy is to provide a framework to ensure that electronic data, in all forms, are adequately protected.  This policy specifically outlines:

  • The roles and responsibilities of the UAB community for data protection and security;
  • Additional requirements associated with the use and maintenance of systems containing sensitive information.

2.0 Scope and Applicability of Policy

Managing and protecting data are responsibilities shared by all members of the UAB community [i.e., all individuals (faculty/staff/students/visitors), schools, departments, affiliates, and/or other similar entities within the UAB, including employees of contracted or outsourced non-UAB entities].  This policy applies to all UAB data and systems including, but not limited to, centralized institutional systems, departmental/unit systems, systems created or operated by third party vendors under the direction of UAB, and UAB data in any system.

3.0 Policy Statement

All members of the UAB community should protect their data and data under their control and periodically review all applicable data security, confidentiality, and acceptable use policies. The following rules and policies apply to data classification and protection:

  • Institutional Data must be classified according the UAB Data Classification Rule.
  • University Data must be protected according to the UAB Data Protection Rule.
  • Health System data must be protected according to the UAB HIPAA Policies.

Any information system that stores, processes or transmits institutional data must be secured in a manner that is considered reasonable, appropriate and compliant with University Policies and Federal and State Laws.  The required level of security depends on the nature of the data, as defined in the UAB Data Classification Rule.

3.1 Risk Assessment

Deans and administrative unit heads (in conjunction with UAB Information Technology) are responsible for ensuring the assessment and periodic review of the business processes and technical risks associated with implementing any planned, proposed, or existing electronic information system or data collection system. Risk assessments must identify specific procedures to minimize risks and the impact of potential breach/compromise of data.

3.2 Other Data Security Policies at UAB

Other data security policies implemented at UAB (campus-wide or locally by/for a specific department, school, or system) may be more restrictive than this UAB-wide policy but may not be less restrictive. Each University department/unit is responsible for implementing, reviewing and monitoring internal policies, practices, etc. to assure compliance with this policy.

3.3 Incident Reporting and Management

Any suspected breach or compromise of Sensitive or Restricted Data must be reported immediately to the Information Security Office in the Office of the Vice President for Information Technology and to the dean or administrative unit head.  Specific procedures for reporting a suspected or actual breach/compromise of data are located on the Information Security web site.  Upon receiving the report, the Information Security Office will be responsible for conducting or coordinating the investigation, making or assessing recommendations for corrective action, reporting the incident to the Executive Computer Incident Response Team (ECIRT) and other administrative units as needed, and maintaining documentation of the incident.

4.0 Exception

Exceptions may be granted in cases where security risks are mitigated by alternative methods, or in cases where security risks are at a low, acceptable level and compliance with minimum security requirements would interfere with legitimate academic or business needs. To request a security exception, complete the Information Security Exception Request Form.

5.0 Non-Compliance

Confirmed violations of this policy will result in consequences commensurate with the offense.  Intentional release of Restricted Data or egregious violations of this policy may result in termination of employment, appointment, student status or other relationships with UAB.

6.0 Maintenance

This policy will be reviewed by the UAB’s Information Security Office periodically or as deemed appropriate.

7.0 Implementation

The Vice President for Information Technology is responsible for the oversight and implementation of this policy, including the overall procedures related to its implementation and management.

 

UAB IT Research Computing will hold its spring HPC User Forum on Wednesday, Feb. 8.

The event will be held from 1 to 2:30 p.m. in Ballroom C at the Hill Student Center.

UAB IT Research Computing aims to conduct two user forums through the year (spring and fall) to update the HPC user community on the status of the HPC system, the organization, planned upgrades, policy changes, and to receive feedback from users in order to improve delivery of HPC services and support to the community.

With UAB's last HPC upgrade in fall 2016, UAB IT now has more than 2,300 additional compute cores and 6 petabytes of storage available to help researchers analyze and manage data and UAB aims to grow the compute, storage and network fabrics to support research needs on Campus.

Please register to attend the HPC user forum here.
January 17, 2017

Sign-in Error: Box

Sign In Error for Box 2

Please open a service ticket with AskIT to assist you with this request.
*|MC:SUBJECT|*
 
October 2016
 
A monthly report to UAB leadership and the IT community about technology projects
designed to enhance the work and lives of UAB staff, faculty and students.

Our shared responsibility

Month of activities set to boost security awareness on campus

Cyber security is our shared responsibility — particularly at UAB, as we work to protect our personal information and university data. October is National Cyber Security Awareness Month, and UAB IT has a number of activities planned to boost awareness of what students, faculty and staff can do to protect themselves and our institution. Read more about Cyber Security Awareness Month activities.

CAMPUS
Free Laptop Checkup open for students Oct. 4-5
UAB IT wants to help protect students’ computers — for free. The first Laptop Checkup for undergraduate students will be held from 10 a.m. to 3 p.m. Oct. 4-5 at the Hill Student Center. Check-in will be in the front of the TechConnect store on the first floor, and the laptop security checks will take place in room 220. Learn more here.

Simulated phishing emails can help boost awareness
Phishing emails put UAB IT students, faculty and staff at risk, so UAB IT is launching a new program that simulates such attacks to help educate the campus community about how to recognize suspicious messages. Learn more here.

Get one-click access to report phishing emails
Reporting suspicious messages used to be a multi-step process for UAB users, but now you can report a suspicious message with a single-click. Learn more here.

Outlook Mobile app now available for UAB email accounts
UAB students, faculty and staff will now be able to use the Microsoft Outlook Mobile app for their UAB email accounts. UAB IT had previously blocked the Outlook Mobile app because of security risks, which Microsoft has now addressed. The native mail applications for iOS and Android can also still be used for UAB email accounts. “Protection of UAB student, faculty and staff data is our top priority,” said Brian Rivers, chief information security officer. "Now that Microsoft has addressed security concerns, we're glad to make the Outlook Mobile app available to campus users who prefer it for their mobile devices."

Keeper password manager can make your life easier
Keeper is a password management tool that helps you keep track of different password logins so all you have to remember is one master password. Learn more here.
RESEARCH
UAB researchers use expanded computing power to accelerate big-data science
UAB researchers use expanded computing power to accelerate big-data science.
State's fastest supercomputer advances UAB research
With its new high-performance computing cluster, the fastest supercomputer in Alabama, the University of Alabama at Birmingham can now execute tasks in a couple of hours that took an entire day with the equipment it had in 2015. Learn more here

Event showcases research cyberinfrastructure
Researchers had the opportunity to showcase how they use the resources supported by UAB IT at Research Computing Day, held Sept. 14 at the Hill Student Center. The event also highlighted trends in research cyberinfrastructure, with industry leaders participating in the discussion. 

Research computing takes part in Core Day event
Research Computing personnel presented a poster at the UAB Core and Shared Resources Day 2016 on Sept. 9 at the Hill Student Center Ballroom. The event offers a unique opportunity for UAB's science and technology communities to come together in a central location to raise awareness about the many shared research facilities available on campus. 
TEACHING & LEARNING
TechConnect now offers repair services at Hill Center
TechConnect, UAB IT's technology storefront at the Hill Center, now offers a variety of technology repair services. The services, at competitive prices and in a convenient, on-campus location, are available for students, faculty and staff. Learn more here.
OPERATIONS & ADMINISTRATION
New cell phone plans eliminate overage charges
UAB IT is debuting new cell phone rate plans that are designed to be more economical and easier to understand. UAB has moved to the state cell phone rate plan. The new plans use shared minutes to eliminate overage charges and reduce overall costs, which will save the institution more than $70,000 over the next year. Users will be mapped to the appropriate plan based on a six-month average of their usage. New rate plans will on the November bills. Learn more here.
COMMUNITY
TechBridge partnership aids local non-profit organizations
UAB IT is a founding member of Birmingham's TechBridge chapter, which provides local nonprofits with business and technology assistance. Several regional corporations and institutions are partners in the organization. At an event late last month, the group announced its new partner nonprofits, for whom the group will use technology to transform their ability to serve the community. UAB IT, which was represented at the event, is committed to enhancing the community of information technology excellence for the economic, social and cultural benefit of Birmingham and beyond.

Carver to deliver keynote for first Alabama IT Symposium
Vice President and CIO Dr. Curt Carver will kick off the day with a keynote presentation for the inaugural Alabama IT Symposium, set for Nov. 10 at the Doubletree Hilton in Birmingham, is a one-day, executive level event designed to bring together IT management teams in Alabama. IT leaders will have the opportunity to network, collaborate and learn from their peers. Learn more about the event here.
SECURITY
Regional information security teams meet at UAB
The information security teams from UAB IT and HSIS hosted a regional security roundtable with their colleagues from universities across the Southeast on Sept. 30. 


UAB to host Cyber Security symposium
UAB’s Departments of Computer and Information Sciences and Justice Sciences, as well as the Center for Emerging Technology Investigations Forensics & Security will host Cyber Security 2020 on Oct. 13. The event will bring together business leaders, academics, policy makers, attorneys, chief information security officers, and others interested in information security. Industry leaders will serve as keynote speakers and will lead targeted breakout sessions alongside local and national experts to discuss best practices and tools for cyber security, policy and legal issues, incident response, contingency planning as well as cyber security insurance. In addition, researchers from around the state will provide insights on how universities are meeting our common cyber security challenges. Learn more here.
TECH CORNER
Security session will bring new info to campus IT
Campus IT professionals are invited to an information security session in which UAB IT will discuss upcoming plans for data classification, firewall requests and workflow, and incident response and crisis management. The session will be held from 2 to 3 p.m. Thursday, Oct. 13, in Cudworth Hall 140.

Software distribution changes delayed
Changes to the distribution method for software for UAB-owned machines has been delayed due to technical reasons. IT professionals across campus have worked with UAB IT to co-design the new solution for institutional software downloads. The new solution will use Microsoft System Center Configuration Manager (SCCM), which is installed on most UAB-owned computers. 
ON THE HORIZON
FASTER INTERNET: 100 Gbps connections are on the way for UAB. The upgraded connections will increase internet speed on campus up to 10 times, making UAB's network the fastest among universities in the state.

NEW APP: UAB IT has partnered with UAB Media Relations to develop a redesigned UAB app, which offers the most efficient way to get around and get connected on campus. The campus map has GPS-style directions to any location at UAB, and there is a full directory search.


IMPROVED CUSTOMER EXPERIENCE: With a renewed focus on improving the customer experience, UAB IT is in the final stages of hiring a new associate director for the AskIT help desk, with the hope of bringing the person on staff by November. Learn more about UAB IT's plans for improving the AskIT help desk.
DID YOU KNOW?
AKAMAI PARTNERSHIP: UAB has improved internet performance across campus through a partnership with Akamai, a web caching service. Learn more here.
 
Facebook
Facebook
Twitter
Twitter
Instagram
Instagram
Website
Website
YouTube
YouTube
Feedback
Feedback
 
*|MC:SUBJECT|*
 
November 2016
 
A monthly report to UAB leadership and the IT community about technology projects
designed to enhance the work and lives of UAB staff, faculty and students.

Blazing fast internet

UAB turns on fastest internet among state universities

Last month, UAB IT turned on the fastest internet among universities in Alabama, launching internet speeds of 100 gigabits per second, boosting available bandwidth by 10 times the previous capability and up to 10,000 times many standard home internet speeds. Read more about the 100 gigabit internet connection.

CAMPUS
Simulated phishing emails can help boost awareness
UAB IT's ongoing phishing awareness campaign is educating the campus community about suspicious emails and how they put individuals and the campus at risk. Since the campaign began, 7 percent of the recipients have fallen for the simulated phish — which means if it had been a real phish, they could have been infected with malware. “PhishMe is giving campus users the opportunity to learn more about phishing emails," said Brian Rivers, chief information security officer. "The simulation will help them recognize these emails when they are coming from malicious attackers." Learn more here.

Report phishing emails with just one click
Reporting suspicious messages used to be a multi-step process for UAB users, but now you can report a suspicious message with a single-click. Learn more here.

UAB IT welcomes new associate director for AskIT
In line with IT’s mission detailed in the IT Strategic Plan to mature the services offered by AskIT, UAB IT welcomes Associate Director Jason Johnson on Nov. 1. This position will focus on the overall experience that customers receive when contacting IT. Johnson will utilize metrics such as first call resolution and call abandonment rates to assess how well AskIT is performing. He will also develop procedures and coaching to improve the customer experience. Improving the AskIT help desk is a top priority for UAB IT — so much so that Vice President and Chief Information Officer Dr. Curt Carver has been working in the help desk once a month. “We want you to experience quick, reliable service that enables you to get back to doing great work that helps change the world," Carver said.

App has easy access to campus needs, including IT services
Have you downloaded the new UAB app for your mobile device? UAB IT worked closely with the Office of the Provost and University Relations to develop the app, which includes links to a variety of services, including the UAB directory, campus map and Canvas. There are also links to IT services, including the Administrative Systems page, AskIT and the TechConnect store. More integrations and additions will be coming to the app in the future.

Join UAB IT in contributing to annual Toy Drive
The annual UAB Toy Drive kicks off Nov. 1. Members of the campus community are encouraged to bring new, unwrapped toys to collection boxes across campus. The Toy Drive benefits Toys for Tots, and UAB has consistently been one of the largest contributors to the effort. Learn more here.
RESEARCH
Learn about MATLAB in free seminar
UAB IT Research Computing is hosting a free seminar to allow faculty, researchers and students to learn more about MATLAB. Learn more here
TEACHING & LEARNING
 
Scheduling classes will be easier for students in spring 2017 
Scheduling classes will be easier for UAB students thanks to a new registration tool that will be in effect for spring 2017 registration. Learn more here.

New waitlist option helps assess UAB course needs
UAB IT worked closely with the Office of the Provost to implement a new waitlist option in BlazerNET, which will allow the university to better assess course needs. Learn more here.

Students applications easier through Common App
Through collaboration with UAB admissions and the Banner Applications team, potential students now have the ability to apply to UAB through the use of the Common Application. This system allows incoming students to fill out one application and use that single application to apply to multiple schools without having to fill out an application numerous times. Members of the creation team believe this is beneficial as it widens the recruitment potential for UAB as the University works towards increasing overall enrollment. According to Chenise Ryan, executive director of Enrollment Operations, the launch has been a success as they have seen “almost 1,000 applications submitted via the Common App in the short two-month period we’ve been live.”
OPERATIONS & ADMINISTRATION
Reminder: New cell phone plans effective on November bills
After moving to the state cell phone rate plan, UAB has debuted new cell phone rate plans that are designed to be more economical and easier to understand. The new plans use shared minutes to eliminate overage charges and reduce overall costs, which will save the institution more than $70,000 over the next year. Users will be mapped to the appropriate plan based on a six-month average of their usage. New rate plans are on the November bills. Learn more here.

UAB IT praised for good stewardship with Office contract
UAB’s unique campus agreement with Microsoft is an example of UAB IT’s good stewardship of university resources, say advisers with Gartner, a leading information technology research and advisory company. Under the agreement, UAB can install Microsoft software on all UAB-owned and leased systems, and faculty, staff and students have limited rights to download the software onto their personal computers. The agreement gives students, faculty and staff access to the latest versions of Office and Windows at work and at home. Advisers with Gartner, which has provided analysis to UAB IT on technology issues, was impressed with the contract and the resources it provides to campus.
COMMUNITY
UAB IT pitches in to help build latest Habitat house
More than two dozen volunteers from UAB IT joined the UAB Benevolent Fund last month to put in a day's work helping to build the latest UAB Habitat for Humanity House. Employees and students from across campus have taken part in this year's build, which benefits U.S. Navy veteran Toni Byrd and her family. UAB IT employees took on roofing and siding work this year. The dedication of the house will be held Friday, Nov. 4. This is the third Habitat house built entirely by UAB volunteers.


UAB IT joins Alabama CIO Leadership Association
The Alabama CIO Leadership Association, a group of the state’s top IT professionals, held its first meeting in October. UAB Vice President and CIO Dr. Curt Carver will serve as co-chairman for the group. AlabamaCIO is the pre-eminent professional association for Alabama’s senior technology leaders. Their mission is to create a forum to share ideas, best practices, and experiences relevant to Alabama CIOs.

Alabama IT Symposium features keynote from CarverVice President and CIO Dr. Curt Carver will kick off the day with a keynote presentation for the inaugural Alabama IT Symposium on Nov. 10. The event, taking place at the Doubletree Hilton in Birmingham, is a one-day, executive level event designed to bring together IT management teams in Alabama. IT leaders will have the opportunity to network, collaborate and learn from their peers. Learn more about the event here.
SECURITY
Free Laptop Checkup reaches more than 50 students
UAB IT hosted the first free Laptop Checkup event for undergraduate students on Oct. 4-5. Students were invited to bring personal laptops for free security checks as a kickoff for Cyber Security Awareness Month on campus. Participants were also given consultations on best security practices and given free software and security updates. The event exceeded its goal by serving more than 50 students. Deidre Mitchell, Information Security Engineer for Information Security at UAB, says that this event is vital with how much this “current generation’s lives are intertwined with mobile devices and connectivity.” Not only did the checkup achieve the technical and attendance goals, but Mitchell notes that “we learned something more important – students actually wanted to learn how to keep their machines clean. The students were very appreciative of the services even when the depth of their problems were out of scope for the event. The event was truly a success.”

Security tip: May your password be unbroken
Did you know that most passwords are easily broken? Have you found it hard to create a good, strong password that you can remember? Creating a strong, but easily remembered, password can be a challenge, but a few "secrets" can help you. Check out the dos and don'ts here.
TECH CORNER
Default-deny firewall posture goes into effect in December
Campus IT professionals can now request a firewall rule change through a new form in the IT Service Portal. UAB IT is continuing plans to update and modernize its campus edge protections to limit the impact of attempted intrusions by external attackers. UAB will be modifying the border firewall posture at the end of December to what is known as “default-deny,” a best practice for enterprise environments. This posture will improve the security of the campus network, information systems and any private or sensitive data stored at UAB. If you have any questions, please contact AskIT

UAB IT begins pilot program for Office 365 email
This month, UAB IT is launcing a pilot program to move its employees’ email to Office365. Office 365 offers several advantages for users, including new tools and continual upgrades to improve the service and environment. And because email is in the cloud, it is not dependent on UAB facilities being available when the user is off-campus. During the pilot program, UAB IT employees will be asked to provide feedback on the change. Once the pilot is successful, UAB IT will begin migrating all faculty and staff email to Office 365. Instructions on how to prepare for the migration will be coming.
DID YOU KNOW?
UAB researchers use expanded computing power to accelerate big-data science
UAB researchers use expanded computing power to accelerate big-data science.
ROBUST RESEARCH COMPUTING: UAB's new supercomputer accelerates research. Learn more here.

BOLD APPROACH TO TECHNOLOGY: The UAB Compliance Office featured UAB IT in its October newsletter, highlighting the department's vision, strategic plan, and new security initiatives. Read the newsletter here.
 
Facebook
Facebook
Twitter
Twitter
Instagram
Instagram
Website
Website
YouTube
YouTube
Feedback
Feedback
 
 
December 2016
 
A monthly report to UAB leadership and the IT community about technology projects
designed to enhance the work and lives of UAB staff, faculty and students.

Student success

UAB IT using technology to help retain students, improve education  

In partnership with the Office of the Provost and other departments across campus, UAB IT is introducing a number of new technologies designed to improve students' education — and help them stay in school. Beginning in the spring semester, a pilot program offering automated communications in Canvas will go campus-wide, giving faculty another tool with which to reach students who have missed class. Learn more here.

CAMPUS
TechConnect offers deals just in time for holidays
Need a new laptop? TechConnect, UAB’s student-centered tech store powered by UAB IT, has great deals just in time for the holidays. Learn more about the sales — including an opportunity for a $150 gift card from Dell.

New security posture will help protect network, data
Security is UAB IT's top imperative. To better protect the campus network and sensitive data, UAB IT is updating and modernizing its campus edge protections to limit the impact of attempted intrusions by external attackers. This means only approved network services will be allowed, offering better protection for students' and employees' data. Learn more here.

Pilot programs under way for Office 365 employee email
UAB IT employees are currently in a pilot program for using Office 365 for email, the same system used by UAB students. The School of Engineering will soon take part in a similar pilot. If the pilots are successful, all campus employee email will be migrated to the Microsoft cloud system. The system offers advantages for employees, including updates and new features. Learn more here.

Santa's on his way for UAB Toy Drive
The annual UAB Toy Drive, organized by UAB IT, is under way. Members of the campus community are encouraged to bring new, unwrapped toys to collection boxes across campus. On toy pickup day, Dec. 14, Santa Claus and his elf will be greeting people at the Administration Building. The Toy Drive benefits Toys for Tots, and UAB has consistently been one of the largest contributors to the effort. Learn more here.
RESEARCH
UAB stars in Dell video at Supercomputing Conference
With a video starring UAB researchers and UAB IT employees, UAB was featured at the Dell Supercomputing Conference, which took place from Nov. 14-19. UAB’s work in personalized medicine, genomics, and other ground-breaking research requires equally high-powered computing and UAB’s new hyper-performance computing system makes analyzing crucial data happen at super speeds. The new computing system, the Cheaha cluster by Dell EMC and Intel, not only supports the researchers, but also the clinicians and others at UAB working to change the world. Learn more about UAB's supercomputer.
TEACHING & LEARNING
Faculty Profiles is reducing faculty workload
It has been a productive year for the team working on Faculty Profiles, a system that will bring faculty data into one central location. This system includes grants, professional and teaching activities, and publications, among other achievements. The system, powered by Elements and provided by Symplectic, is currently available for faculty and delegate usage but certain parts of their profiles will be made public via VIVO during the next year. Sources for Faculty Profiles currently include Banner, IRAP, and the Schools of Medicine course system and this list is growing. This system will provide an easier and more efficient way for faculty to document important milestones. A system upgrade brought a cleaner, less cluttered home page and new abilities to track publications. VIVO integrations, for public-facing profiles, are ongoing and on target for deployment during 2017. More than 500 new faculty members and their delegates from the Schools of Medicine, Health Professions, Nursing, Public Health, Dentistry and Optometry have been added to the system. Also trained this year were Art & Art History, School of Dentistry, and School of Public Health. All trainings in total added more than 800 new faculty and staff to the system. UAB IT’s Ralph O’Flinn and his team continue to evaluate ways to assist faculty members with their T32 data requirements by adding trainees to faculty profiles. “Moving forward, it is important for faculty members to have a central location where their groundbreaking research and professional activities can not only be viewed by the UAB community, but the public as a whole,” O’Flinn said.
OPERATIONS & ADMINISTRATION
Learning Locker now includes Lynda.com training records
The UAB Learning Locker, which offers UAB employees a centralized view of their LMS training, now incorporates Lynda.com training. With the Learning Locker, employees can view, search, print, email, and validate training certificates for all compliance training, LMS training and Bedroc historical training records. The UAB IT Application Consulting Services team partnered with Human Resources to integrate Lynda.com training history into the LMS data mart and create a new portal for UAB employees to see their training history in one place.

Work LoCale offers work-at-home payroll calendar
In support of the new UAB work from home policy, UAB Payroll worked closely with UAB IT Application Consulting Services to create a custom payroll work-at-home pay calendar called Work LoCale, which is available only to those certified as work from home employees. This calendar is used by the work-from-home employee to track the days worked from home versus from the office. The net result is a decrease in payroll taxes attributed to city and county taxes.

Intermacs team moves to new KIRSO Institute
Three UAB IT team members who have worked closely with the Intermacs team have now moved to the new KIRSO Institute at UAB, the John and James Kirklin Institute for Research in Surgical Outcomes. The team has worked over the years to construct applications that resulted in Intermacs, Medamacs, Pedimacs and the Pediatric Heart Transplant Study. "We offer our most sincere wishes for continued success to the entire team," said Bill Laughlin, director of UAB IT Application Consulting Services. "Each will be greatly missed, but how exciting for them to be a part of the journey with the new institute."

UAB IT lays out future path for IT facilities
IT facilities planning for the future includes a new data center, classroom management, new facilities fiber and a protected network for the "internet of things," Vice President and CIO Dr. Curtis Carver explained in a presentation to campus leaders last month. Among the plans are a new building, anticipated in July 2019, that would house a new data center; deploying voice over IP phone technology in the next 18 months; and incorporating costs for new fiber into the construction cost for new buildings on campus.
COMMUNITY
 
New web site highlights Birmingham's growing tech sector
TechBirmingham has launched a new web site, workyourmagic.org, designed to recruit technology employees to the city. Highlighted on the web site is a video that showcases opportunities in the Magic City.

Carver assisting TechBridge with outreach efforts
Vice President and CIO Dr. Curt Carver serves on the Alabama Advisory Board for TechBridge and recently joined the TechBridge Outreach Committee as its Advisory Board liaison. The Outreach Committee seeks support for TechBridge's digital events to raise funds for TechBridge. TechBridge assists non-profit organizations with technology and business expertise, with a focus on organizations that seek to alleviate poverty. TechBridge is based in Georgia but has now expanded to Alabama.

Carver speaks to Alabama IT Symposium
Leading in a time of transformational change was the subject of a keynote speech by Vice President and CIO Dr. Curt Carver at the inaugural Alabama IT Symposium last month. "We live in a time of exponential change," Carver said, encouraging those attending to look beyond traditional ways of leading. "We're going to have to take transformational steps." Carver also detailed the ways in which technology can assist higher education, including efforts to improve student retention and graduation rates. 
SECURITY
Classification proposal to streamline data protection
UAB IT and HSIS have been working on a standard data classification requirement for the university and hospital system, which would help protect patient, student, faculty and staff data. Learn more and read the proposed standard here.

Security tip: Manage your online reputation
As we integrate more of our lives into social networking sites, keep in mind some simple dos and don’ts when sharing online. Learn more here.
TECH CORNER
New systems status page offers up-to-date outage info
UAB IT has launched a new systems status page to provide an up-to-date schedule of planned maintenance and outages to UAB systems, as well as updates on unplanned outages that affect campus. Visitors to status.uab.org can subscribe to receive updates from the page in a variety of ways — email, text messages and RSS feed — and can choose which components for which they need updates. A calendar shows visitors which systems have planned outages, and updates will be posted to the page throughout the duration of each outage. This new functionality allows all UAB community members to learn of an outage at the same time as the UAB CIO.
ON THE HORIZON
DOCUSIGN: UAB IT and UAB Financial Affairs are working to implement Docusign for campus. Docusign provides electronic signature technology and Digital Transaction Management services for facilitating electronic exchanges of contracts and signed documents. This is a major initiative to modernize and eliminate paper-based processes and improve UAB faculty, student and staff experiences. 

ADMINISTRATIVE SYSTEMS PAGE: UAB IT has partnered with University Relations to work on a redesign of the Administrative Systems page. The new page will have larger tiles to access the various systems across campus, along with an RSS feed for the new Systems Status page to alert students, faculty and employees of outages and planned work on campus systems.
DID YOU KNOW?
REPORT SUSPICIOUS EMAILS: Reporting suspicious messages used to be a multi-step process for UAB users, but now you can report a suspicious message with a single-click. Learn more here.

NEW UAB APP: Have you downloaded the new UAB app for your mobile device? UAB IT worked closely with the Office of the Provost and University Relations to develop the app, which includes links to a variety of services, including the UAB directory, campus map and Canvas. There are also links to IT services, including the Administrative Systems page, AskIT and the TechConnect store. More integrations and additions will be coming to the app in the future.
 
Facebook
Facebook
Twitter
Twitter
Instagram
Instagram
Website
Website
YouTube
YouTube
Feedback
Feedback
 
 
January 2017
 
A monthly report to UAB leadership and the IT community about technology projects
designed to enhance the work and lives of UAB staff, faculty and students.

Looking ahead

UAB IT has new slate of projects for the coming year 

Happy new year! As we return to campus for a new semester, UAB IT is planning a number of new initiatives for 2017 to help improve the lives of students, faculty and staff. Building on the IT Strategic Plan, which was co-authored with constituents across campus, UAB IT has a slate of new projects on tap this year. Learn more here.

CAMPUS
New systems status page offers up-to-date outage info
You can now learn about an outage to a UAB system at the same time as the chief information officer. The UAB Systems Status page, located at status.uab.edu, provides an up-to-date schedule of planned maintenance and outages to UAB systems, as well as updates on unplanned outages that affect campus. Visitors to status.uab.edu can subscribe to receive updates from the page in a variety of ways — email, text messages and RSS feed — and can choose which components for which they need updates, such as email, Oracle HR and finance or high-performance computing. A calendar shows visitors which systems have planned outages, and updates will be posted to the page throughout the duration of each outage.

Classification proposal to streamline data protection
UAB IT and HSIS have been working on a standard data classification requirement for the university and hospital system, which would help protect patient, student, faculty and staff data. Learn more and read the proposed standard here.
TEACHING & LEARNING
Quality assurance cards keep track of classroom support
UAB IT Classroom Support is placing quality assurance cards in all classrooms it supports. These cards explain that UAB IT is checking the rooms to verify they are working properly, have proper supplies and are clean. The cards also include contact information for Classroom Support so that instructors and students can report any issues or get training on equipment. There is a place for the technician to sign and place the date of inspection so that any faculty can see when the classroom was checked.
OPERATIONS & ADMINISTRATION
eLAS certification must take place by Jan. 15
Each department eLAS user must certify their vacation, sick, and personal holiday balances prior to the annual rollover of excess vacation to sick, which occurs on Jan. 15, 2017. Your certification must occur before this rollover process on Jan. 15. If you have questions regarding your current balances or any pending/not yet approved requests, it is important that you raise these questions prior to Jan. 15, 2017. You can certify your balances at any time by clicking the red “Certify" button that will appear on the "Employee Timeoff" page of eLAS. This will display your balances. If you deem correct, then press the “Certify" button. There are no other actions performed, only a record that on that date you agreed to the balances displayed. 
COMMUNITY
UAB Toy Drive collects hundreds of gifts for children in need
The annual UAB Toy Drive, organized by UAB IT, collected hundreds of Members of the campus community are encouraged to bring new, unwrapped toys to collection boxes across campus. On toy pickup day, Dec. 14, Santa Claus and his elf greeted employees and guests at the Administration Building. The Toy Drive benefits Toys for Tots, and UAB has consistently been one of the largest contributors to the effort. 

Carver makes two of Enterprisers Project's top 10
Vice President and CIO Dr. Curtis A. Carver Jr. has been featured in the top ten articles of the year for Enterprisers Project, a community of CIOs discussing the future of business and IT. Carver contributed advice in the second most popular article of the year, 12 tips to survive the IT talent crisis, and wrote the third most visited piece, Are 18-month org charts and constant training the new reality for IT? In this article, Dr. Carver discusses the importance of enterprises developing their own internal talent to increase loyalty and consistency and to decrease the costs of recruiting talent who may not stay in the organization. Check out he complete top 10 list here.

SECURITY
Security tip: Safeguard your online privacy
Because we exist in digital form all over the Internet, it is important to ensure that the digital you matches what you are intending to share and to guard your privacy — not only to avoid embarrassment, but also to protect your identity and finances!  Learn more here.

New security posture will help protect network, data
Security is UAB IT's top imperative. To better protect the campus network and sensitive data, UAB IT has updated and modernized its campus edge protections to limit the impact of attempted intrusions by external attackers. This means only approved network services will be allowed, offering better protection for students' and employees' data. Learn more here.
TECH CORNER

BLUG offers training opportunities for members
UAB is a founding member of BLUG and utilizes the training opportunities and savings that BLUG provides to the member companies. By working as a COOP, BLUG provides its members highly qualified technical training at a greatly reduced cost over the public market and provides the training locally for its member companies thus saving on travel costs and time away from work. For more information on BLUG and the current training calendar visit www.blug.info. On this site you will find the current class calendar, registration information, and contact information.

Pilot programs continue for Office 365 employee email
UAB IT and School of Engineering employees are currently in a pilot program for using Office 365 for email, the same system used by UAB students. If the pilots are successful, all campus employee email will be migrated to the Microsoft cloud system. The system offers advantages for employees, including updates and new features. Learn more here.

DID YOU KNOW?
NEW UAB APP: Have you downloaded the new UAB app for your mobile device? UAB IT worked closely with the Office of the Provost and University Relations to develop the app, which includes links to a variety of services, including the UAB directory, campus map and Canvas. There are also links to IT services, including the Administrative Systems page, AskIT and the TechConnect store. More integrations and additions will be coming to the app in the future.

REPORT SUSPICIOUS EMAILS: Reporting suspicious messages used to be a multi-step process for UAB users, but now you can report a suspicious message with a single-click. Learn more here.
 
Facebook
Facebook
Twitter
Twitter
Instagram
Instagram
Website
Website
YouTube
YouTube
Feedback
Feedback
 

The Data Classification Requirement is a standard effort to identify and classify UAB’s data as restricted/PHI, sensitive or public.


There are three classes of data as defined in the standard:

  • Public Data is available to the general public and if disclosed will not cause harm to UAB.
  • Sensitive data is not readily accessible or available to the general public and may require authentication for access.
  • Restricted/PHI data is only available to authorized users with permission of the Data Owner for a specific purpose.  Usually regulated by law or contractual obligation.


There are three primary reasons to classify data:
  1. Security - It is much more difficult to secure data when you don’t know the appropriate level of security to apply.  In efforts to secure the assets of UAB, the data classification will go a long way to simplify this effort.
  2. Simplicity – There are a myriad of compliance requirements, rules and laws that apply to various types of data.  Data Classification allows us to simplify protection requirements and reduce complexity of security rules.
  3. Cost - Knowing what types of data we have helps to know how they are protected.  This allows UAB to avoid applying overly constrictive security controls to data that doesn’t need it.


UAB data users are responsible for following use and handling policies for the UAB data and UAB systems as well as applicable rules and laws.  Data users should not store or process sensitive data on their desktop or laptop computers without approval and appropriate security safeguards in place.  Report breaches to the information security office and complete annual security awareness training.


UAB data stewards are responsible for the policy and practice decisions regarding their data and for classifying the sensitivity of your data.  Define protection requirements for the data based on the sensitivity of the data, any legal or regulatory requirements, and business needs.  Communicate data protection requirements to the Data Custodians and/or System Administrators and define requirements for access to the data.  Data owners are also to complete annual role-based training.


In most cases, Yes. UAB must have a contract with the cloud provider to ensure the data is protected appropriately. Personal services do not provide the appropriate level of protection for Institutional data.  Do not store sensitive information on cloud storage services that UAB does not have an institutional-level contract approved for storing sensitive or restricted data.


  1. Public – UAB Box or UAB Microsoft OneDrive
  2. Sensitive – UAB Box
  3. Restricted - UAB Box – Subject to any applicable laws.  PHI and credit card information is prohibited.


The classification of research data depends on several factors such as type of data, and/or contractual elements and thus may fall into any of the classifications defined herein.  Likewise, time of release and collaboration effect the classification of research data.  As such, certain unpublished research data may be classified as private or sensitive until such time the research is published.  Likewise, intellectual property that has not been disclosed to or protected by the IIE may need to be classified as sensitive.  Additionally, federal laws, rules and regulations (including but not limited to FISMA, HIPAA, FERPA, and Export Controls), sponsor requirements, and UAB policies and guidelines will necessitate a certain classification.  It is incumbent upon the Researcher to know the type of data, the circumstances governing the data, and classify it accordingly.  Once classified, the Researcher will need to maintain the data using the appropriate UAB system of record or database with the appropriate access and security controls aligning to the classification standard.  For example, not all UAB data storage options are recommended for sensitive data.  Research data shall also be maintained in accordance with UAB’s Record Retention Policy and record retention schedule.  For more information about protected research data please refer to the UAB OVPRED or the UAB IT Data Officer.


First you must request that an exception be granted to allow Restricted data must be encrypted if stored on a mobile or remote device.


  • Reading and complying with UAB IT policies.
  • Reporting breaches of IT security, actual or suspected, to the Information Security Office.
  • Taking reasonable and prudent steps to protect the security of IT systems and data to which they have access.
  • Complete annual IT Security Awareness Training


  • Implements, manages, and/or operates a system or systems at the direction of the System Owner, Data Owner, and/or Data Custodian.
  • Day-to-day administration of IT systems, and implements security controls and other requirements of the University’s information security program.
  • Completing annual, role-based training.
  • Each system should have at least two System Administrators (one primary, one secondary).


Protecting the data in their possession from unauthorized access, alteration, destruction, or usage.
Establishing, monitoring, and operating IT systems in a manner consistent with Radford University Information Security policies and standards.
Providing Data Owners with reports, when necessary and applicable.
Completing annual role-based training.


  • Responsible for the policy and practice decisions regarding data.
  • Evaluate and classify sensitivity of the data.
  • Define protection requirements for the data based on the sensitivity of the data, any legal or regulatory requirements, and business needs.
  • Communicate data protection requirements to the Data Custodians and/or System Administrators.
  • Define requirements for approving access to the data.
  • Define requirements for regular auditing and removal of access to the data.
  • Complete annual role-based training.


The UAB Data Classification scheme and protection requirements only apply to UAB institutional data.  Use due care when handling your own personal data.