University of Redlands

Information Security and Risk Management

Leverage IT risk management and information security practices to reduce adverse impacts to the institution.

Plan Focus

  • Reduce risk to the institution, and its faculty, staff, and students by protecting the confidentiality, integrity, and availability of information assets.
  • Educate faculty, staff, and students concerning information security policies, standards, and data protection practices through appropriate training.
  • Establish enforceable policies in order to maximize compliance with laws, regulations, and generally accepted practices.

Core Functions

  • Security Governance
  • Policy Management
  • Awareness and Education
  • Identity and Access Management
  • Vulnerability Management
  • Risk Assessment
  • Regulatory Compliance
  • Incident Response
  • Business Continuity and Disaster Recovery Management

Goals and Objectives

Goal #1: Integrate Business and Information Security Practices  


  • Cultivate environment where security governance is fully integrated with university business practices 
  • Require annual security and privacy training for all clients. 
  • Work with DSAG to promote and enforce data classification, data hygiene and data access protocols and processes. 

Goal #2: Increase Awareness of Security Related Policies and Standards  


  • Provide on-line and face-to-face seminars for system clients on security and privacy topics.
  • Foster environment where accountability for protecting information rests with the information owner.
  • Promote a people-centric security strategy that focuses on user accountability.

Goal #3: Enhanced Information Security Analytics to Better Prevent, Detect, Respond, and Predict Threats to U of R’s Systems and Data 


  • Minimize attack surface area  
  • Reduce threat exposure time  
  • Investigate, remediate, and establish preventative measures  
  • Utilize intelligence to prevent potential threats