October is Cyber Security Awareness Month. Education Commons makes OISE's digital security a top priority, from device management to application development, here are a few of the ways we maintain your cyber security every day.
“The Systems Admin group in Education Commons supports, troubleshoots, and maintains OISE computing infrastructure. We continuously apply the industry’s best practices to maintain appropriate levels of security, including the application of the latest security patches and upgrades, regular scans for known vulnerabilities, and security review and assessment for any new systems.
We continue to learn from U of T Security Matters as well as upgrading our skills with cybersecurity training modules.”
- EC Solutions Architect, Todd Vernon
How Secure is Your OISE Computer?
“OISE devices come equipped with enhanced data security, thanks to a system called endpoint management. EC uses an endpoint management tool called Intune, which is used to securely link your device with OISE, allowing EC to deploy applications, updates and more.
To enhance your security we set requirements for software updates, so your device keeps up to date with the latest software patches and upgrades in order to protect your computer from malware and viruses.
In the event of theft or computer loss, we can protect your data by locking your device or wiping the data remotely if it’s been breached.”
- IT Service Management Coordinator, Daniel Marinos
OISE Application Security
As we develop and update applications at OISE, we use the latest application security features such as authentication, authorization, data validation, and coding against vulnerabilities.
Education Commons Full Stack Developer, Bahman Yaghoobi shares some of the top security and privacy measures we use to achieve the highest level of security in our application development:
1. Hosting: Our newly built applications are hosted in the cloud which is setup with best practices for hosting applications
2. Technology updates: We continuously update our applications to make sure we use the latest stable technology. This includes software, hardware, applications, code, security certificates and other components that are involved in the development process.
3. Authentication: We use the University of Toronto’s secure single-sign-on system (SSO) for our applications. This guarantees the highest level of security by keeping user information in one secure location and having multi-factor authentication (MFA) implemented.
4. Authorization: Each user only has access to functionalities related to their roles. We have a central authorization system which assures that no one will get access to resources and data unrelated to their roles.
5. Prevent code injection: To prevent this cybersecurity risk, we make sure our code is up to date, and use a technique called object relational mapping.
6. Data Validation: Before saving any data provided by users, we apply some validation logic to make sure there is no malicious data being inserted into our databases.
7. Secure URLs: We use secure protocols for all user interactions with applications and websites. When you see a padlock beside the URL of a website and the S in HTTPS, this indicates a protocol is in place for secure encryption of information.
8. Database backups: We make multiple backups during the day and night which provides us with the ability to minimize data loss.
9. Preventing client-side attack: Among the top 10 security threats globally are Cross-Site Request Forgery (CSRF) and Cross-site Scripting (XSS), which are cyber-attacks that take advantage of a user’s interaction with a website without their knowledge. We have measures in place to prevent both.
We are committed to providing secure application development the OISE community can count on.