BSD Information Security Office Services

The Information Security Office (ISO) is the central point of contact for information security in the BSD research and academic enterprise. Our information security services are offered to help departments implement a quality information security program that includes safeguarding data and complying with applicable IT regulatory requirements. Benefits to departments include:

• Use of an industry-standard approach to security and risk management.
• Increased understanding and awareness of information security matters, resulting in an improved security posture.
• Active participation in the integration of department-level and University-level security processes.

To request a security project, please start the process by emailing security@bsd.uchicago.edu.

Risk Management and Compliance

The ISO will provide guidance and tools for implementing process controls on IT-related activities to meet compliance requirements, including support for internal or external audit inquiries related to BSD IT security controls.

BSD Security Assessment and Authorization (SAA)

The BSD Information Security Office (ISO) can assist you with identifying security requirements with your project and ensure that these systems are protecting your data through the Security Assessment and Authorization (SAA) service.

The goals of the SAA processes are to provide a consistent approach for identifying and quantifying security risks of information systems supporting academic and research activities and to provide the BSD with a better understanding of the security risks within the BSD network. Click here for more information on the BSD SAA process.

IT Security and Risk Consulting

The ISO will provide consultation to help BSD units respond to security assessment findings; resolve information technology risks, threats, and vulnerabilities; and implement adequate risk mitigation measures. This includes working with departments to establish the security components of projects at any phase of implementation, including security hardware and software to help safeguard data.

IT Policy & Standards

The ISO will create, review, and maintain documentation to support information security policies, standards, and guidelines that align with appropriate regulations and industry best practices. Click here for more information on Policies and Standards.

Vulnerability Management

The ISO will coordinate access to QualysGuard scanners and allocate licenses and user accounts to designated business units where there is a demonstrated need for vulnerability scanning. Implementation and support include system scanning of servers, network devices, or workstations. This can be done for individual devices or for whole departments.

IT Security Incident Response

The ISO will assist departments in investigating and coordinating appropriate responses for IT security incidents, in collaboration with ITS and UCMIT information security offices, General Counsel, and the HIPAA Program Office.

Security Monitoring

The ISO will automate aggregation, correlation, and analysis of log data from departmental systems, BSD infrastructure, and other key assets. This includes providing real-time analysis of logs and alerts from security devices, network infrastructure, servers, and other key assets by certified security experts.

The Security Event Monitoring system is available to customers 24/7, excluding planned outages, maintenance windows, and unavoidable events.

Firewall Management

The ISO will provide full lifecycle management and monitoring of firewall appliances, including hardware and software components required to provide firewall services.

Security Awareness and Training

The ISO will provide security awareness educational materials, including printed materials, online learning modules, presentations, and security product demonstrations for faculty, staff, and researchers. Click Here for Phishing awareness and here for general security awareness.