Advanced Email Filtering

Status

Project is 99% complete, starting on Tue 2/19/19 and ending on Fri 4/10/20.

In Process (Work has begun on the project request or project.)

99% complete, updated on Mon 8/3/20 9:05 PM by System Administrator

Changed Health from Green - On track to Yellow - At risk with corrective actions.
This project was automatically moved to Yellow health because it had not been updated in 11 working days.

Details

Dates
Tue 2/19/19 - Fri 4/10/20
Acct/Dept
Information Technology Svcs Admin
Service
Security / Security - Service Request
Type
General / Security
Health
Yellow - At risk with corrective actions
Portfolio(s)
Classification
Projects
Created
Mon 1/7/19 10:45 AM
Modified
Mon 8/3/20 9:05 PM
Describe below if you have a particular solution in mind.
We have identified two likely vendors that are both available under current UI contracts.
Describe the key benefits of a solution
Describe what the university will gain from the solution and what the end result looks like (automations, process changes, equipment, etc.)
Regulatory
Mandate
Other
Additional FTE Required to Support this Solution?
Number of full-time employees that would need to be hired to perform the technical or admin support for the solution. Enter "0" if not applicable or it is unclear at the time of request.
0
Number of Employees Impacted
Indicate the number of employees that will either administer or operate the system or solution. Enter "0" if not applicable.
2700
Number of Users Impacted
Number of prospective students, current students, staff, faculty, retirees, affiliates or anyone who may be using this solution. Enter "0" if not applicable.
30000
Required Due Date
Date when the regulatory, compliance, or mandatory component must be completed.
03/15/2019
In Scope
Items that are within the scope of work on this project. Each item should be specific enough, but not at the detailed requirements level.
1) Implementation of a service that protects U of I users from emails with malicious content
2) Filter all incoming and outgoing emails per defined criteria.
3) Integration with UI directories, incl. Active Directory (AD) and/or Azure AD.
4) Log integration with Splunk
5) Integration with Office 365 for removal of malicious content.
6) Identify, design, and develop the relevant reports and metrics needed from the system.
7) Documented support processes
8) Assess and determine usage of quarantine digest
9) Develop materials and host customer training sessions for users and Local Support
10) Develop and implement a Communication Plan
11) Implementation of Office 365 data leakage protection/functionality (including user training)
12) Identify and decommission unused Sophos e-mail appliances
13) Vendor negotiations and contracting for service
14) Deploy virtual server to support threat response auto pull
15) Evaluation and recommendation on how to handle on premises unauthenticated SMTP
16) Migration plan for safelisted senders
17) Define monitoring strategy and plan
18) Develop Training plan and train on "Targeted Attack Protection" (employees only)
19) Update knowledge base (FAQs, support docs, etc.)
20) Develop and document roles & responsibilities for supporting email filtering
21) Assessment and recommendation for integration with collective intelligence framework
Out of Scope
All items determined outside of the scope of the project.
1) Any other integrations with Office 365 not identified within scope.
2) Office 365 data leakage beyond outgoing email
3) Implementation of major changes to DMARC policy.
Key Success Factors
Items that will deem this project successful.
1. Enhanced filtering capabilities for all U of I email recipients
2. Improved email and business continuity by moving to the cloud
3. Completed on or before 3/31/20

1. Technical

Infrastructure: Software-as-a-Service (SaaS)
Yes: Off-Prem
Use of Data: Integrations, imports and exports, etc. of data (with systems like Banner, etc)
Office 365
Provide suggested solution.
ProofPoint and Mimecast are two vendors currently being assessed.
Solution already available?
No
Does this replace or require modification to a current system?
Yes
Are there any pre-requisite projects or related processes/projects that will need modification?
No
Technical Review Complete
Yes

2. Initial Security Review

Data Classification (Low Risk / Moderate Risk / High Risk / N/A)
High
Authentication service to be used
SAML 2.0
Access and permissions required
Appropriate Security team access

3. Project Management

ITS Cascaded Plan
Is project on the ITS Cascaded Plan?
No
PM complexity
Low – low risk and low impact
PM General assessment notes
UBFC approved $125,000. CIO approved $85,000 spend in fiscal year 2019. Remaining $40,000 to be spent in FY20.
Project Management Review Complete
Yes

6. Presidential Approve / Deny

Governance Score
This field is a manual entry and represents the final prioritization scores after the Cabinet and President have approved priorities.
62.77

Description

This change was funded by the 2018 UBFC process. The 2017 IT Risk Assessment identified the limited protection on U of I email gateways from malicious URLs and attachments as a top (high) risk. Additional and more advanced services are needed to reduce the risk of malicious attackers compromising U of I systems. While attackers have compromised more than 160 U of I accounts in the past 18 months by obtaining usernames and passwords, that risk is being mitigated by Multifactor Authentication (MFA). It is expected, and has been widely seen at other institutions, that attackers will shift tactics to trick users into running malicious software or opening malicious attachments as a way to obtain U of I data. This capability is a foundational control as identified by the Center for Internet Security's Critical Security Controls, number 7.8. This also assists with compliance with specific university, state, federal, or other regulatory directives.

Goals

  1. Dept / Unit Goal (Please describe goal)

    Addresses a top risk from 2017 IT Risk Assessment - recommendation from that was to mitigate high risk items, such as email vulnerabilities.

Risks

  1. High Data confidentiality level

    Impacts all U of I email, so addresses HIPAA and other major high-risk data.

  2. Low Definition of costs

  3. Medium How unstable is the current system?

  4. Low Impact to Business Continuity

  5. Low Lack of project sponsorship

  6. Low Level of expertise needed for this project

    Security Team knowledge and abilities.

  7. Low Level of project management skill needed

  8. Medium Likelihood of vendor dependency

  9. Medium Overall complexity of the project

  10. Low Overall size of the project budget

    This project is funded by UBFC.

  11. Medium Risk associated with vendor security standards

  12. Medium Technology complexity level

  13. Low Vendor track record

  14. Medium What is the impact of doing nothing?

    UBFC funding would be reallocated and this project may not be funded in the future. Compromised accounts would continue.

Intangible Benefits

While attackers have compromised more than 160 U of I accounts in the past 18 months by obtaining usernames and passwords, that risk is being mitigated by Multifactor Authentication (MFA). It is expected, and has been widely seen at other institutions, that attackers will shift tactics to trick users into running malicious software or opening malicious attachments as a way to obtain U of I data.

This capability is a foundational control as identified by the Center for Internet Security's Critical Security Controls, number 7.8. This also assists with compliance with specific university, state, federal, or other regulatory directives.

Manager(s)

Stakeholders (4)

Carl Pearson

IT Security Analyst
Responsible
TBD
Mon 12/17/18 5:31 PM
Don Miller

Systems Integration Analyst
Responsible, Consulted
Office 365 SME
Mon 12/17/18 5:31 PM
Dylan Jacob

Responsible
TBD
Mon 12/17/18 5:32 PM
Mitchell Parks

Chief Info Security Offcr
Responsible, Accountable
Security Lead and Sponsor
Mon 12/17/18 5:30 PM