Skip to main content

Information Security Report 2020

Information Security Services (ISS) ensures the confidentiality, integrity and availability of the University’s IT resources and data, protecting them from intentional or unintentional compromise, misuse, loss or damage.

ISS approved a three year strategic plan in 2018 that focuses on: lowering WVU's risk exposure to network vulnerabilities, phishing URLs, malicious software, and loss of sensitive data; updating our identity and access management solution; ensuring that all students and staff are aware of cybersecurity best practices; effectively managing technology risks to the University; establishing technology governance for the University; and ensuring the privacy of personal information of students and employees.

FY20 accomplishments include:

  • Information Security. Improved Work from Home security strategy; increased IDF scan coverage to include GLBA data on specific devices; Cleaned up 5,357 instances of malware; blocked 1,606 exploits on endpoints; and blocked 42,635 URLs; blocked 39.3 million spam emails from showing up in University inboxes (52% of total emails received). Assisted in implementation and monitoring of a VPN solution for COVID-19 work from home strategy. Migrated the network vulnerability system to a new more robust platform. Improved the purchase assessment process by embedding IAM and other essential parties where necessary. Changed from a general monthly reporting process to a more targeted and specific process where issues are directly discussed with the appropriate administrators.
  • Identity & Access Management. Implemented federated access for dues paying alumni, retirees, and authorized high-school students to access specific University systems using school-provided credentials or personal email/social media accounts instead of being provisioned a WVU Login account. Added the InfoSec security quiz to all account claims and password resets. Worked with 20+ IT units and vendors to improve use of WVU Single-Sign-On. Implemented a maintenance procedure and started cleaning up account data in Sailpoint. Continuing to collaborate with Shared Services, Talent & Culture, MAP, and Banner teams to establish better access termination procedures as part of employee offboarding.
  • Governance, Technology Risk, and Compliance. Implemented new policies designating the University as a HIPAA Hybrid Entity Designation and naming those University Health Care Components subject to compliance with HIPAA; established Identity Theft Detection and Prevention Program; and identified that the University will follow NIST Cybersecurity Framework to secure and protect is resources. Established Technology Risk Management program based on NIST Cybersecurity Framework and began campus-wide technology risk assessment. Worked with Student Financial Services and Payroll to completed Phase I remediation efforts for GLBA compliance.

Connect With Us

Service Desk Hours and Contact

Service Desk Hours

Monday – Friday: 7:30 a.m. – 5 p.m.

Closed on Saturdays, Sundays, and official University holidays.

Contact Us

Information Technology Services
One Waterfront Place
Morgantown, WV 26506

(304) 293-4444 | 1 (877) 327-9260

Get Help

Maintenance Schedule

To function effectively and securely, applications and the systems that support them must undergo regularly planned maintenance and updates.

See Schedule