Campus IT Security Program
Over the next three years, a new IT Security Program will be rolled out at UIC. The program will provide best practice policies, standards, guidelines, and procedures to enhance IT security on a campus-wide level. To assist with program compliance, shared tools and resources will be available, and we will be working with colleges and units to implement the new policies.
The goal of the program is to build a culture of risk awareness, management, and acceptance. In addition, the program will help protect university assets and ensure that units and colleges comply with IT security laws, funding agencies, and contracts.
The program requires units on campus to identify and classify all of their data and emphasizes the need to protect systems in a manner proportional to the sensitivity of the data being stored or processed. The program covers many other areas as well, including security awareness training, access control, reporting, and systems and physical security as it relates to information technology.
This project was spearheaded by the IT Policy Subcommittee of The IT Governance Council, Infrastructure and Security Committee. It’s also a great example of governance working together to complete this important campus-wide initiative. Look for more information about the implementation of the project soon. Once available, the policy will be posted online here: accc.uic.edu/policy/all.
Important Efforts for Implementation
- Unit Information Security Officer — Units appointed a staff member to serve as the point of contact for information and coordination of the IT Security Program
- Security Awareness Training — Provide training resources for appropriate faculty and staff
- Data Classification — Identify the types of data being stored and accessed by faculty, staff, and students
- Data Backup Plan — Ensure data is being backed up approporiately
- Disaster Planning — Develop & test contingency procedures to meet business needs
- Security — Conduct Assessments of the systems, network, and physical spaces used
- Reporting and Compliance — Record and track the work that has been completed
What can you do?
Colleges and units have each identified a Unit Information Security Officer (UISO) whose role within their unit is to manage the IT Security Program implementation and act as a resource regarding questions you might have. You can take immediate steps by knowing some basic information – know how data in your possession is accessed; understand the type(s) of data in your possession; and know who has access to that data.
A summary of the IT Security Policies can be found at: http://security.publish.uic.edu/policies/summary. The full IT policies are available at: http://security.publish.uic.edu/policies. Questions about the IT Security Program can be directed to your UISO (the comprehensive list of UISO’s can be found here: http://security.publish.uic.edu/policies/uiso) or to email@example.com