Several advanced protection features were added to ITS’s existing suite of cybersecurity defences during the 2023-2024 academic year.

Microsoft Extended Detection and Response (XDR), formerly Microsoft Defender, went live in August 2023 and is now helping ITS better identify, detect and investigate advanced threats directed at Carleton University.

Microsoft Multi-Factor Authentication was rolled out to all faculty and staff in September 2023. Nearly 5,000 students have been enrolled, and a plan to enrol all students within the next academic year has been developed.

Secure, User Friendly and Flexible

“MFA provides improved protections against new types of cyberattacks and is the first step in Carleton’s journey to a more secure, user friendly and flexible identity and access management solution,” said Steve Fraser, Director of Information Security.

Meanwhile the Payment Card Industry (PCI) steering committee, which is led by the Department of Finance’s Business Office with support from the ITS Information Security team, completed a review and an update of the PCI incident response process.

PCI standards outline the technical and operational requirements necessary to protect credit cardholder data. These standards are applicable to any organization that stores, processes or transmits cardholder information. Compliance protects the university from adverse financial consequences and strengthens data protections for our community members.

Significant work was done to update Carleton’s PCI compliance to the new PCI Data Security Standard v4.0 framework, and Carleton met the new compliance requirements ahead of the launch of v4.0.