Information Security and Risk Management
Leverage IT risk management and information security practices to reduce adverse impacts to the institution.
Plan Focus
- Reduce risk to the institution and its faculty, staff, and students by protecting the confidentiality, integrity, and availability of information assets.
- Educate faculty, staff, and students concerning information security policies, standards, and data protection practices through appropriate training.
- Establish enforceable policies in order to maximize compliance with laws, regulations, and generally accepted practices.
Core Functions
- Security Governance
- Policy Management
- Awareness and Education
- Identity and Access Management
- Vulnerability Management
- Risk Assessment
- Regulatory Compliance
- Incident Response
- Business Continuity and Disaster Recovery Management
Goals and Objectives
Goal #1: Integrate Business and Information Security Practices
Objectives:
- Cultivate an environment where security governance is fully integrated with university business practices.
- Require annual security and privacy training for all clients.
- Work with DSAG to promote and enforce data classification, data hygiene and data access protocols and processes.
Goal #2: Increase Awareness of Security-Related Policies and Standards
Objectives:
- Provide online and face-to-face seminars for system clients on security and privacy topics.
- Foster an environment where accountability for protecting information rests with the information owner.
- Promote a people-centric security strategy that focuses on user accountability.
Goal #3: Enhance Information Security Analytics to Better Prevent, Detect, Respond to, and Predict Threats to U of R’s Systems and Data
Objectives:
- Minimize attack surface area
- Reduce threat exposure time
- Investigate, remediate, and establish preventative measures
- Utilize intelligence to prevent potential threats