Protect the privacy of University constituents and provide effective information security risk management, enabling the University to succeed in its mission.
The Office of Information Security coordinates enterprise security services to safeguard the confidentiality, integrity, and availability of University information resources and data, and provides support to the University community regarding information security through outreach, awareness, assessment, policy, compliance, and best practice.
The strategic objectives outlined below define how the Office of Information Security will effectively manage security risks to University information technology and data assets.
Proactive Risk Management – assist University constituents in becoming more aware of the security risks that University information assets are vulnerable to and identify controls to reduce those risks. Proactive Risk Management includes the following.
· Improving security awareness
· Facilitating collaboration to identify effective and efficient security solutions
· Documenting University compliance with applicable laws, regulations, standards, and contractual requirements
· Regularly conducting risk assessments
· Cataloging UoR information data assets and identifying proper safeguards
· Developing and maintaining University policies that protect University information data assets
Data Loss Prevention – direct the University in reducing the likelihood of data loss and/or disclosure of confidential and federally protected data.
Continually Improve Security of System and Network Services – support a security conscious defense architecture and provide increased security of critical University services.
Security Incident Management – support the University in recovering information assets in the event of a catastrophic event. This objective will enable the University to manage security events more efficiently and effectively, thereby reducing or minimizing the damages to the University. This objective includes effective Change Management processes as well as proper Disaster Recovery and Business Continuity planning and documentation.