The Information Security Office (ISO) is the central point of contact for information security in the BSD research and academic enterprise. Our information security services are offered to help departments implement a quality information security program that includes safeguarding data and complying with applicable IT regulatory requirements. Benefits to departments include:
- Use of an industry-standard approach to security and risk management.
- Increased understanding and awareness of information security matters, resulting in an improved security posture.
- Active participation in the integration of department-level and UC level security processes.
Risk Management and Compliance
The ISO will provide guidance and tools for implementing process controls on IT-related activities to meet compliance requirements, including support for internal or external audit inquiries related to BSD IT security controls.
IT Security and Risk Consulting
The ISO will provide consultation to help BSD units respond to security assessment findings; resolve information technology risks, threats, and vulnerabilities; and implement adequate risk mitigation measures. This includes working with departments to establish the security components of projects at any phase of implementation, including security hardware and software to help safeguard data.
IT Policy & Standards
The ISO will create, review, and maintain documentation to support information security policies, standards, and guidelines that align with appropriate regulations and industry best practices.
The ISO will coordinate access to QualysGuard scanners and allocate licenses and user accounts to designated business units where there is a demonstrated need for vulnerability scanning. Implementation and support include system scanning of servers, network devices, or workstations. This can be done for individual devices or for whole departments.
The QualysGuard system is available to customers 24/7, excluding planned outages, maintenance windows, and unavoidable events.
IT Security Incident Response
The ISO will assist departments in investigating and coordinating appropriate responses for IT security incidents, in collaboration with ITS and CBIS information security offices, General Counsel, and the HIPAA Program Office.
The ISO will automate aggregation, correlation, and analysis of log data from departmental systems, BSD infrastructure, and other key assets. This includes providing real-time analysis of logs and alerts from security devices, network infrastructure, servers, and other key assets by certified security experts.
The Security Event Monitoring system is available to customers 24/7, excluding planned outages, maintenance windows, and unavoidable events.
The ISO will provide full lifecycle management and monitoring of firewall appliances, including hardware and software components required to provide firewall services.
Security Awareness and Training
The ISO will provide security awareness educational materials, including printed materials, online learning modules, presentations, and security product demonstrations for faculty, staff, and researchers.
Hours of Availability:
The services described below are available from 8:00 a.m. to 6:00 p.m., Monday through Friday, except for holidays.
For further information or to request assistance, please contact us at firstname.lastname@example.org.