CREATING A CULTURE OF Security AWARENESS

The Information Security Office provides policies, tools, and processes to protect the information resources of the University of Arizona, using a shared responsibility model.

graphic of connections and nodes

Security Risk Assessments Foster Shared Responsibility

The Information Security Office (ISO), collaborates with campus units to conduct annual risk assessments requiring annual inventories and security plans. It is part of the shared responsibility model campus units participate in to reduce, mitigate, or transfer known information security risks.

The Risk Management process has four main steps: Data Collection, Risk Assessment, Risk Analysis, and Security Planning. Each step plays a critical role in thoroughly understanding risks at the university.

In FY20, a new UASecure Information Security Risk Management platform was built to manage the process. Over 174 security plans were completed by campus units in FY20. The ISO and Campus IT Partnerships worked in collaboration with Information Security Risk Managers to develop a current “risk state” and a prioritized risk-informed approach to improving their department’s security posture.

The first ever CyberSecurity Fair was hosted by ISO during National CyberSecurity Awareness month, October 2020.

Finding Answers to Remote Work Questions

The Information Security Office (ISO) has implemented a variety of tools and systems to help improve the level of sophistication in the university’s IT operations and campus networks. The focus has been on vulnerability scanning, patching, log monitoring, configuration management, web app development, and systematic communication and collaboration within the UA’s IT community.

One of the tools ISO has implemented is Spunk, a software for searching and analyzing machine-generated big data. This software has helped to strengthen the threat detection and analytics capabilities of our Security Operations Center to protect university data and employees from information security vulnerabilities.

The University of Arizona Network Model

The foundation of information technology at the University of Arizona continues to be the campus network. It’s the backbone for all wired and wireless internet connectivity on the main campus in Tucson and at distance locations across Arizona. From moving huge research data sets, supporting thousands of Zoom connections, and streaming television in residence halls, there are more demands on the campus network than ever before.

The University’s connection to Internet2 through Arizona’s Sun Corridor Research and Education Network provides a massive 35 gigabytes of connectivity to campus on an average day, supporting a variety of digital devices and computers. In 2018, the University of Arizona was recognized by PCMagazine as having the 4th fastest campus wi-fi network in the United States.

In FY20, the strength of the network infrastructure was further validated when the National Science Foundation awarded the University a $26 million grant to establish and lead the Center for Quantum Networks. CQN aims to lay the foundations of the quantum internet by connecting quantum computers, data centers, and gadgets with quantum bits. The CQN team will be researching quantum materials and devices, quantum and classical processing required at a network node, and quantum network protocols and architectures. Much of this work will be done on the University’s network infrastructure in support of this NSF funded endeavor.

Firewall (Border) Blocks

Intra-Campus Firewall Blocks (per day)

313M

Security Monitoring

Log Aggregation 207TB

Email Security Appliance

Phishing and Spam Emails Blocked (per day) 2.6M

Risk Management

RCU Completed FY20 Plan 86%

Services

  • Compliance Services
  • Security Architecture
  • Incident Response / Security Operations
  • Training
  • Security Monitoring

2.6M

Phishing and Spam Emails Blocked Daily

3rd Place!

Congratulations to ISO’s Splunk team for their 3rd Place win in the 2020 Global Cybersecurity Challenge