2019 Information Security

CREATING A CULTURE OF Security AWARENESS

The Information Security Office designs and implements a comprehensive security program to protect sensitive information, reduce risk, and define roles and responsibilities.

Collaboration on Security Policies

The Information Security Office (ISO) created 17 new policies through a highly collaborative process that included students, faculty, executive leadership and IT staff from many colleges and departments. The ISO Policy Working Group membership included 39 staff spanning 18 departments and colleges. UArizona's Chief Information Security Officer and Chief Compliance Officer joined together to champion the approval process, ensuring a smooth journey.

“The ISO team is smart and committed to the work that they do. They were very organized and that made the approval process easier. People had such trust and confidence, because they saw that there had been this really comprehensive process on the front end,” said Celina Ramirez, UA Chief Compliance Officer.

Incident Response: A Shared Responsibility Model

One of the key aspects of the Information Security Office (ISO) is to establish and support a shared responsibility model to improve the University’s security posture. ISO helps departments prepare, improve, and if necessary, respond to security events.

The Security Operations Center (SOC) has multiple specialized tools that block the majority of cyber attacks. If the team determines that an attack is not being blocked, they work in collaboration with departmental security managers to analyze the impact and scope of the attack, as well as to develop recommendations or countermeasures. Because cyber attacks happen relentlessly, the SOC remains available as a resource to campus 24/7/365.

Employee Security Awareness Training Updated

Required Employee Security Awareness Training was updated with a new online format this year. The new training was created by the ISO team in collaboration with a group of 12 staff from across campus. The easy by step by step format gave employees environmental awareness to many of the current data security threats facing Internet users.

Universal NetID+ Two-Factor Authentication

The University of Arizona was the first Research 1 university to require universal two-factor authentication (NetID+) for faculty and staff in FY18 and for students more recently in FY19. Until this requirement, over 40% of students had no two-factor protection on their campus account. Now compromised accounts are down 90%.

Firewall (Border) Blocks

Firewall Blocks

21M/day

Security Monitoring

Data Monitored

36.3 terabytes

Email Security Appliance

Phishing and Spam Emails Blocked

4.5M daily

UA Sites Campus Website Support

  • Compliance Services
  • Security Architecture
  • Incident Response / Security Operations
  • Training
  • Security Monitoring

10,237

Full-Time Employees Completed the Training as of June 2019

95%

Enrolled in Two-Factor Authentication

52,288 students | 11,254 staff | 3,199 faculty

"Because ISO engaged so many stakeholders early on and was very inclusive in the security policy process, the final approval went really smoothly."

Celina Ramirez, Vice President for University Initiatives

Contents

Message from the CIO

Research Technologies

Student & Academic Technologies

Administrative Technologies

Campus IT Partnerships

Campus Technology Spotlight

Information Security

Infrastructure Technologies

Operational Technologies

University Analytics & Institutional Research

Higher Education IT Funding Comparison

University IT FTE Analysis

FY19 UITS Personnel

Student IT Fee Analysis

UITS FY19 Revenue and Expenses

IT Annual Report FY2019 PDF