2021 UNC CAUSE has ended
Information Security and Compliance
Wednesday, October 6
 

10:00am EDT

Vendor Risk Management - Lessons Learned across UNC system
Vendor risk management (VRM) is a program that all higher education institutions have struggled with over the years. In many cases, Information Security Offices are not aware of technology purchases until they have already been made or until there is a tight deadline for review. Given the recent incidents revolving around supply chain management, campus senior leadership is asking great questions about how IT and Information Security are managing these risks. This panel presentation and discussion will showcase the different models in place today and the evolution across the UNC system to standardize, establish baselines and collaborate on VRM activities so that we can raise awareness of the risks and provide visibility to our campus leadership.

Our panel includes: Oscar Knight, Miranda Warren from Appalachian State University; Bill Coker, Damon Armour from NC State University; Brian Penders, Mel Radcliffe from UNC Chapel Hill; Mike Rollins from UNC Greensboro.

Speakers
Mel Radcliffe

Information Security Manager, UNC-CH
My group handles risk assessments and other compliance projects. We are currently building a security program aimed at supporting our research community.
Mike Rollins

Security Architect, UNC Greensboro
Damon Armour

Director of Information Security, Risk & Assurance, North Carolina State University
Miranda Warren

IT Project Manager, App State
Bill Coker

Manager, North Carolina State University
Brian Penders

School of Medicine CISO, University of North Carolina at Chapel Hill


Wednesday October 6, 2021 10:00am - 10:45am EDT
Zoom Meeting
 
Tuesday, October 12
 

1:00pm EDT

Easy to Accumulate, Difficult to Manage: Remediating Technical Debt
A technical debt remediation project that was already in its planning phase had to be completely reimagined for a post-pandemic return to campus. With a list of 9 compliance metrics needing to be assessed on over 1,700 devices across a 50-department division, the sudden change to remote work brought on by the global pandemic made accurate inventory management seemingly impossible. Equipped with a department of only 13 technology staff members, we developed a comprehensive schedule, communication plan and roll-out to accommodate the unique needs of 50 different stakeholder departments.

Presentation will include:
- Problem overview (What is technical debt? How does it compound? Why is it difficult to eliminate?)
- Mechanisms we tracked
- Tools and resources
- Communication plans
- Various roadblocks and solutions
- Overall completion metrics
- Technical debt prevention methods

Participants will leave with a blueprint for addressing tech debt in their organizations.

Speakers
Leah Sauerstrom

Technology Support Analyst, North Carolina State University
Keith Medlin

IT Director, North Carolina State University


Tuesday October 12, 2021 1:00pm - 1:50pm EDT
Zoom Meeting
 
Thursday, October 14
 

10:00am EDT

Research-based Ransomware Defense Strategy
News reports continue to highlight the serious implications of ransomware attacks against companies and organizations, including higher education institutions. We will examine practical security controls that can be effective in defending against ransomware attacks, with an emphasis on what the literature says about which practices are most likely to demonstrably reduce risk. While taking this evidence-based look at which safeguards are likely to work, we'll also look at what weaknesses have been exploited in ransomware incidents. Our UNC System Standard 1400.3 on User Identity and Access Control emphasizes the importance of MFA. For example, we'll look at empirical evidence concerning the value of MFA and consider examples such as how failure to have MFA safeguards in place was at the heart of the Colonial Pipeline attack.

Speakers
Mark Webster

Chief Information Security Officer, East Carolina University


Thursday October 14, 2021 10:00am - 10:50am EDT
Zoom Meeting
 