Skip to navigation content (Press Enter).

Security Initiatives

In late 2011 an external IT Security Audit was performed resulting in remediation planning activities to enhance Information Security policies and other controls to mitigate Information Security risk to the institution.

The remediation activities are currently underway however there are several steps McMaster University can make to accelerate aspects of the IT Security remediation plan and in turn immediately enhance the security posture of the university.

The following details the immediate recommendations that have received support from senior administration at McMaster University to proceed:

  1. UTS Security group will perform immediate comprehensive scans of primary websites such as daily news and the main website upon consultation and agreement with the various administrators for appropriate scheduling to ensure the impact to service is kept to a minimum.  Other sites may be identified where appropriate.

  2. Accelerate the vulnerability scanning program of all externally web facing servers being performed by UTS Security in conjunction with server administrators across the organization. Communication will be provided to all server administrators detailing the proposed schedule and the expected remediation response to any identified risks.  The scans are not expected to cause issues to these systems or services however they will be scheduled of out of hours to reduce potential impact.

  3. Authority to remove network access to any external web facing system in the event of a verified security breach needs to be explicitly designated to the appropriate role.  An escalation, communication and approval matrix will be developed to guide the execution of access removal.  Criticality of breach will be used to ascertain the most appropriate response given a security incident scenario.  And the escalation process will be tied to the criticality of the risk as assessed by the UTS Security group in the context of external legal and regulatory requirements.

  4. UTS Security will develop an external facing server security standard that must be adhered to by all server administrators, from all departments and faculties, who operate and maintain externally web facing servers at McMaster University.  A related security standard for all other servers and also all computer systems connecting to the McMaster network will also be developed to help guide administrators in appropriate security controls on these systems to mitigate Information Security risk to the organization.

  5. Creation of a special interest group in Information Security consisting of security professionals or roles responsible for security across campus to enable collaboration and provide a more comprehensive security blanket for McMaster University.  The SIG will be used to enhance communication and education of security leveraging people that faculties and departments already utilize for their IT support.

  6. Educational sessions for the various levels of responsibility will be developed and scheduled to discuss and understand what is Information Security Risk and how does Information Security Governance play a role in mitigating that risk.  Discussion topics may also include mitigation strategies and best practices in Information Security.

All of these recommendations are in line with Vision 2020 and work to address concerns identified in the IT Security Audit review.

Service Bulletins

Citrix Receiver Client Update

UTS asks Citrix users to upgrade Citrix Receiver Client to the most current version by February 28, 2017. See UTS Citrix website for installation and removal information.


Mosaic Upgraded Interface

Service Desk

Client Self Service:
https://servicedesk.mcmaster.ca
Hours: Monday - Friday
8:30 am - 4:30 pm
Phone: 905-525-9140 x24357 (2HELP)
Email: uts@mcmaster.ca
Location: Main Campus BSB Rm. 245
Service Catalogue:
http://www.mcmaster.ca/uts
-->

Great Idea Site

Great Idea