2018 Information Security

INFORMATION SECURITY MOdel

The Information Security Office designs and implements a comprehensive security program to protect sensitive information, reduce risk, and define roles and responsibilities.

FOCUSING ON INFORMATION SECURITY

This year the Information Security Office size was expanded to accommodate today’s information security threats to UA and personal digital device users. Eight areas of targeted focus were created and projects either started or progressed to fulfill the needs by newly augmented staffing. Some projects had immediate visibility, such as the implementation of NetID+ two-factor authentication. Others were not as visible as they encompassed systems and processes to protect data within the UA network, such as end-point security systems which protect computer networks and devices.

PROTECTING PEOPLE & SYSTEMS WITH 2-FACTOR AUTHENTICATION

Current cybersecurity threats mean that it is not so much a matter of if but when a password will get compromised. In order to protect student, employee, and campus data, the university has implemented a policy of 2-factor authentication for all logins. The UA’s NetID+ initiative was implemented with the help of five different campus units. IT Support staff across the campus participated in assisting with active enrollment of over 30,000 faculty, staff, designated campus colleagues, and retirees.

TAKING A MULTI-LAYERED APPROACH

  • Safe Computing Environment that Supports Teaching & Research
    • Secure Research & Education Environments
    • Privacy and Regulatory Requirements
  • Secure Systems / Rapid Response
    • Secure Web Coding Practices
    • NetID - Two Factor Authentication
    • Logging & Monitoring
    • Vulnerability & Patch Management
  • Creating a Culture of Security Awareness
    • Training & Awareness Program
    • Governance & Compliance
    • Risk Assessment
    • Data Classification

FY18 Metrics

NetID

Users Protected
(as of Spring 2018)

30k

Services

  • NetID