FALL 2019

The digital era is here, and cyber security is crucial to the peace of mind and successful functioning of your organization.
Greetings!

Fall in New England is a beautiful time of year! It is also the season for falling temperatures, occasional snow, and hectic holiday planning. As we head into the gift-giving season, consider giving your organization the peace of mind of increased cyber security.
 
As human resources professionals, we do not always get directly involved in the IT infrastructure of our organizations. However, in today's environment of global connectivity, cyber security now requires a holistic approach. To truly protect our organizations against increasingly sophisticated cyber-attacks, we must look at numerous factors besides our IT systems such as data management, employee policies, social media/marketing campaigns, and vendor selection, to name a few. With HR taking a seat at the cyber security table, there is also an opportunity to reward constructive and positive security behavior in our employees.
 
This issue of Successful Solutions focuses on cyber security and the role you can play in improving your organization's approach to it. Our "Client Spotlight" focuses on a comprehensive cyber security assessment at Boston College High School conducted by our partner Larry Wilson from the UMass President's Office. Our "Recommended Vendor," Mimecast, is not only a client but a leader in providing e-mail security to both private and public sector organizations. Our "Staff Spotlight" focuses on a member of our extended staff, cyber security expert Larry Wilson. Lastly, our "Top 10 Tips" article focuses on improving cyber security in any organization.
 
For information on how we can help your organization with its Organizational Development Consulting, Learning Solutions, and Event Management needs, read on and be sure to visit us at www.donahue.umassp.edu/odls.

Dana L. Henry, ODLS Director
(617) 287-4068

New at ODLS!

Cyber Security Training: An Introduction to the NIST Framework
 
The need for a comprehensive approach to protecting your organization's systems and assets has never been more evident than in recent years. 

High-profile data breaches and hacking events have dominated the news, impacting consumers worldwide. The National Institute of Standards and Technology (NIST) issued its recommendations for a common approach and language to improving cyber security in 2014, and a number of countries and organizations have since adopted the framework. However, ongoing breaches of sensitive data tell us that there is more work to be done.

We are pleased to offer this half-day training session, which can be adapted to the role of any of these three audiences: human resources, business unit management, and information technology professionals.

Spotlights
Client Spotlight: Boston College High School Cyber Security Assessment

In June 2019, Larry Wilson (UMass Cyber Security Engineer) conducted a cyber security risk assessment for Boston College (BC) High School to provide members of the school's leadership team with a clear understanding of the current state of security at the high school. Conducted in partnership with UMass, the assessment's goal was to establish a replicable process for designing and delivering a comprehensive cyber security program and conducting an annual cyber security risk assessment.

Results from the assessment provided the school with a current cyber security profile and a road map for improving its security capability. UMass and BC High School worked collaboratively to develop a cyber security plan, a current scorecard, a detailed gap analysis, a plan of action and milestones, and an executive report.

The cyber security assessment was based on industry best practices, including the NIST Cyber Security Framework and the Council on Cyber Security Critical Security Controls. The Framework and Critical Controls were assessed across BC High School's operational areas, including on-site and cloud-based solutions. 


Recommended Vendor: Mimecast

Mimecast is a cyber security and compliance provider that helps thousands of organizations worldwide make email safer, restore trust and strengthen cyber resilience. Mimecast's expanded cloud suite enables organizations to implement a comprehensive cyber resilience strategy. From email and web security, archive and data protection, to awareness training, up-time assurance and more, Mimecast helps organizations stand strong in the face of cyber attacks, compliance risk, human error and technical failure.  Mimecast was recently chosen by the UMass President's Office as the e-mail security vendor across all five UMass campuses.

Staff Spotlight: Larry Wilson, Senior Cyber Security Engineer
 
Larry Wilson is the former Chief Information Security Officer for the UMass President's Office. In this role, Larry was responsible for developing, implementing, and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP).
 
In addition to designing a cyber security program for the University, Larry developed and delivered cyber security training at multiple industry events, workshops, training venues, etc. This includes his role as adjunct faculty at UMass Lowell in the computer science department. Courses include Designing and Building a Cyber Security Program, The NIST Cyber Security Framework Foundations and Practitioners courses, The NIST 800-171 Protecting Controlled Unclassified Information (CUI) in Non-Federal Systems, the CIS Controls, etc.
 
Larry also provides consulting services to mid-sized and large enterprises. His work focuses mainly on designing and building cyber security programs based on the NIST Cyber Security Framework and the CIS Critical Controls. He has completed U.S. government projects based on the NIST 800-53 standard as well as DOD projects based on NIST 800-171 controls.  
 
Prior to joining UMass, Larry was the vice president and network security manager at State Street Financial Corporation. In this role, he was responsible for selecting, implementing, and overseeing an engineering staff that managed network security technologies/tools, including vulnerability scanning, network firewalls, intrusion detection, remote access technologies, security event management tools, etc.
 
Larry has received several IT industry awards and we are excited to be partnering with him on the development and release of a new half-day training on cyber security! 

Useful Resources
Top 10 Tips: Improving cyber security in your organization

Improving cyber security in your organization is a complex initiative involving multiple audiences (HR; senior leadership; IT; vendors; employees) and all aspects of your supply chain. 

In this issue, we propose adopting the NIST framework as a comprehensive approach to cyber security. However, there are a few simple principles that all employees of any organization can adopt to improve cyber security. Here are our favorite tips:
  1. Don't leave your devices (e.g., laptop and smartphone) unattended in public spaces.
  2. Always lock your screen whenever you leave your laptop unattended, whether you are stepping away from your desk or office to get a coffee, pick something up from the copier, chat with someone, or check on the kids. Don't wait for your screensaver to kick in to lock the screen.
  3. Don't trust email from people you don't know.
  4. If your anti-virus program warns you - believe it!
  5. Use two-factor authentication whenever possible to ensure that you're the only person who can access your account, even if someone knows your password.
Helpful Links

Professional Development Vendors
  • Real Cool Productions: Full-service video, animation, and mixed media production company in Boston that services global businesses.
  • CommonLook: Rely on CommonLook to achieve compliance with PDF and document accessibility standards through a process called Remediation. 
  • Tara Hall: Independent graphic and web design consultant.
Professional Development Resources
Professional Learning Associations
UMass Donahue Institute
Organizational Development & 
Learning Solutions
1 Beacon Street, Floor 31
Boston, MA 02108
(617) 287-4068
www.donahue.umassp.edu/odls