New policy and procedure prioritize data protection

Information security is important to all of us

April 14, 2020 —

New Information Security policy, procedure and standards have been developed to better protect the information used and shared by the university community, both within and outside the university. They were approved by the UM Board of Governors on February 3, 2020.

“Systems used to process, store, retrieve and transmit information play a vital role in the conduct and success of the UM’s teaching, learning, research, outreach and business processes,” says Patrick McCarthy, director of IST Information Security and Compliance.

“The Information Security Policy will also enable us to reduce the impact of the cyber threats all organizations and educational institutions are facing,” he adds.

The policy, procedure and standards apply to everyone in the university because, as McCarthy notes, we all have a responsibility to keep our data safe and protected.

The purpose of the Information Security Policy is to:

ensure the protection of the all information and information systems;
mitigate risks associated with theft, loss, misuse, damage or abuse of information systems;
ensure staff, students, faculty and researchers are aware of and comply with provincial and federal legislation;
minimize the university’s exposure to cyber attacks;
ensure that information users understand their responsibilities; and
protect the university from liability.

Developed by the Information Security and Compliance team, the draft policy and procedure were reviewed by units including human resources, the office of legal counsel, audit services, access and privacy and the unions across the university prior to ratification.

What do I need to do?

Read the policy, procedure and associated standards.

Some standards like the Password Standard apply to everyone, while others like the Workstation Patch Management Standard apply to anyone responsible for managing, updating or maintaining computer systems.

Where do I get more information?

If you have any questions, concerns or would like more information about your responsibilities, email the Information Security and Compliance team directly at infosec [at] umanitoba [dot] ca.

Thank you for your continued help in ensuring the confidentiality, integrity and availability of the university’s data.

Remember: Information Security Starts with You!

IST Communications

Cybersecurity, Faculty and Staff, Information Security

VP Evolution Project enables Entra MFA for VIP/ESS access on April 3

The VIP Evolution project is a multi-year project, with dedicated resources from Information Services and Technology (IST), Human Resources and Payroll, led by a project board of leaders from across the UM community. The project’s focus is leveraging VIP functionality, reducing risk, and improving the user and employee experience.

Recognizing and combating fraud this tax season

Tax season is a heady time for fraudsters who hope to take advantage of seasonal anxiety to scam Canadians out of their money. Of course, tax season isn't the only time scammers have their way. Two common types of fraud that often threaten organizations are phishing and business email compromise (BEC) scams. These frauds are meticulously designed to appear credible, often leaving individuals and businesses vulnerable to significant losses.