Patch Management and Information Security During a Global Pandemic

My semester in residence was originally intended to be an in-person internship with California State University San Marcos in the Information Security department. While completing my internship, my primary objective was to create a security metrics program for the IITS department. My focus was going to be two repeatable and actionable areas, patch management and phishing. The plan was to conduct three rounds of interviews with the employees in charge of patch management for Linux and Windows servers, desktops, and Oracle. Following the interviews that material was going to be used to develop security metrics to help the campus determine if their security practices were effective. After the first round of interviews I was informed the campus was closing and moving to the work from home model due to the Covid-19 pandemic. Once the decision was made to implement a very broad “work from home” model, the entire IT organization shifted to addressing the needs of the employees who would be working from home. Many of the systems which would be analyzed for my internship would be inactivated. This made my original scope obsolete due to being unable to perform my internship duties and the shifting landscape had adjusted the priorities of the IITS staff, understandably making my semester in residence project no longer a priority. As with most people in the workforce in early March, I had to adapt. Given the times it seemed appropriate to shift my focus to something relevant to the current landscape, Covid-19. The Covid-19 pandemic has caused mass unemployment, an interruption in the global supply chain, and those of us who are fortunate enough to be able to continue to work have had to make some major changes to our day to day. With this change comes a myriad of security concerns. Even for security professionals, we must be more cognizant of the potential issues that come with a work-from-home environment. The truth is that the majority of people who are now forced to work from home are not aware of, or overly concerned with cyber security. Cyber crime is on the rise, policies and standards that were once airtight have become more relaxed due to the necessity of business continuity, PII and other sensitive data that was once closely protected has become more difficult to protect, just to name a few examples. In this thesis I will dive into how cyber security has changed since this global pandemic has started. I have conducted interviews with information security professionals and employees who are not aware of cybersecurity practices and done an extensive amount of research on the internet. I will discuss the major issues that have arisen out of this once unthinkable predicament we are in and some possible solutions and workarounds that organizations have undertaken or theorized to this point.