Information Technology & Computing Services

Effective Date: 10/30/07

Policy Statement 3: Information Technology Security

IT Security Mission

The mission of Information Technology Security (IT Security) is to develop, oversee, evaluate and support policies, standards, procedures and programs to enhance and maintain a secure digital environment that safeguards the University's information resources. In pursuit of this mission IT Security manages a security program that is comprehensive in scope, and also flexible enough to respond to the ever-changing needs of information security.

IT Security Program Elements

  1. User Education and Awareness

    An Education and Awareness Program helps safeguard the University's information and information systems by promoting awareness and adoption of good security practices. These practices are presented in the form of University security policies, guidelines and procedures, training sessions and seminars, responsible computing brochures and other publications, user agreement forms, and computer-based training.

  2. Policy Development

    IT Security develops security policies for ITCS and for the University that identify acceptable standards of use of our information resources. These policies are living documents, which require periodic reassessment to ensure that they meet the needs of the University. IT Security assists the University in complying with policies and procedures.

  3. Incident Response

    IT Security is responsible for managing the ITCS response to information security incidents. IT Security coordinates with University management to establish and maintain an information security incident response program. IT Security coordinates the incident response team during an information security incident. IT Security coordinates the activities of the incident response team with internal (legal, audit, etc.) and external groups (law enforcement, vendors, etc.). IT Security is responsible for documenting lessons learned from information security incidents to improve incident management procedures.

  4. Risk Management

    IT Security advises ITCS senior management in the establishment of a University IT Risk management program based upon the University’s goals and objectives. IT Security assists ITCS senior management in the development of a comprehensive Risk management process to identify, assess and mitigate risks to the University’s information assets.

  5. User Account Management

    IT Security is responsible for the creation, modification, and revocation of enterprise user accounts for the University. IT Security ensures the University applies industry best practices in the management of the University’s user accounts.

  6. Regulatory and Standards Compliance

    IT Security is responsible for the application of the principles, policies, and procedures that enable the University to meet applicable information security laws, regulations, standards, and policies to satisfy statutory requirements, perform industry best practices, and achieve the University’s information security program goals. IT Security audits the University for regulatory and standards compliance and reports its performance in this area.