Information 安全 Office
The Office of Information Technology Information 安全 Office leads a robust cybersecurity program to support the university mission of research, 教学及外展, and securely enable faculty, student and administrative needs. This includes support for university IT compliance efforts across regulatory and contractual agreements including GLBA, HIPAA, FERPA, 一种总线标准, NIST 800 - 171, CMMC, NSPM-33等.
Key elements of the cybersecurity program include:
- Annual security awareness training and monthly phish training for all employees, and supplemental cybersecurity training for select groups.
- Annual 风险 Assessment and testing processes to identify and prioritize remediation for reasonably foreseeable internal and external risks to the security, confidentiality and integrity of university data.
- Data Classification program, per APM 30.11 to track and apply appropriate controls based on data classification and risk.
- Initial and periodic assessment of service providers through Vendor 安全评估s.
- 实现ing the incident response plan including tools, services and timely response and recovery from any material security events, 由 APM 30.14, Cyber Incident Response and Reporting.
- 实现 政策, 标准 and procedures to enable ongoing success of the security program and all compliance goals.
- Facilitate the creation, tracking and auditing of individual System 安全 Plans (SSPs) when required for specific compliant systems or enclaves.
- Review and approve secure IT architectures, including required processes, 保障措施, controls and mitigations to meet security and compliance requirements.
This security program is implementing controls and is monitoring for finalization of technical 标准 related to NSPM-33 cybersecurity requirements. 参见:
- NSPM-33 FAQ for Department Grant Administrators
- Export Control and related training
- University International Travel
- 2022年生效, Insider Threat training was incorporated into all employee cybersecurity training requirements. Additional relevant training is available through the Office of 研究 Assurances
服务
- For general security assistance
- For 研究 Cyber Support, including System 安全 Plans. 或电子邮件 rcsp-team@967322.com
- To report a suspicious or malicious email, use the “Report Phish” button in Outlook.
- To report a security incident, email security@967322.com or 打开事件
观察界面 is a newsletter from the Information 安全 Office discussing the latest vulnerabilities, 警报和补丁. While designed primarily for IT professionals, it may be of interest to other computing users.
订阅, visit the University Communication and Marketing Email preferences page, under University Communications – 观察界面.
联系
The U of I Information 安全 Office and security program is overseen by Chief Information 安全 Officer, 米奇·帕克斯(CISSP), 自2014年以来. This includes designation as the qualified individual per GLBA 16 CFR 314.4(a), and HIPAA 安全 Officer per 45 CFR 164.308.
For general questions about the program, contact oit-security@967322.com or 开票.