Welcome to the BSD Information Security Office
In the University of Chicago Biological Sciences Division (BSD), all elements of academic medicine — basic and translational research, education, and patient care — come together in a single campus. The Office of the CRIO and departmental IT groups provide advanced, secure technologies and services to enable clinical, translational, and basic science research. The security of IT systems and information assets is dependent on the individuals managing as well as the individuals utilizing such resources. The BSD Information Security Office is committed to supporting the principles of academic freedom and the free exchange of ideas; the BSD’s information security initiatives are intended to support those principles while still maintaining an appropriate level of security.
The Information Security Office is dedicated to providing information security services and expert security guidance to BSD leadership and all members of the BSD research and academic enterprise to ensure confidentiality, integrity, and availability of its information assets and data, in accordance with organizational security policies and applicable state and federal laws, as efficiently as possible.
The vision of the Information Security Office is to provide leadership in the development and delivery of information security services; develop a risk management and auditing program to safeguard BSD data and information assets against unauthorized use; promote security awareness within the BSD; and simplify security processes through automation to enable research and education.
Operate an enterprise cybersecurity risk management program to identify, analyze, and mitigate cybersecurity risk to the BSD IT infrastructure including its business units, subsidiaries and stakeholders. Provide governance, strategic planning, and sponsorship for the organization’s cybersecurity activities in a manner that aligns cybersecurity objectives with the organization’s strategic objectives and the risk to BSD research and academic IT infrastructure. Protect BSD IT systems and information assets from unauthorized access, alteration, disclosure or destruction. Cultivate relationships with faculty and staff, the University of Chicago, the University of Chicago Medicine and external entities to collect and provide cybersecurity information to reduce risks and increase operational resilience.
Develop clear, concise policies, standards, and guidelines to strengthen information security within the BSD. Identify systems need to be protected, assess priority in light of organizational mission, and manage processes to achieve cost effective risk management goals. Establish and maintain plans, procedures, and technologies to detect, identify, manage, and respond to cybersecurity threats and vulnerabilities corresponding to the risk with the BSD research and academic IT infrastructure. Identify and mitigate vulnerabilities in information assets and internal controls, to a level deemed appropriate by BSD senior management. Establish resources and security awareness training that allow all individuals within the research community to practice good data stewardship. Develop metrics to gauge the level of threat activity and the effectiveness of threat detection and response capabilities.
Enable the organization to decide on the appropriate outcome based actions to ensure adequate protection against threats to business processes and systems. Identify the presence of undesirable cyber risk events, and the processes to assess the potential impact of those events. Protect the reputation of the University and ensure compliance with federal and state laws and regulations. Demonstrate compliance through a systematic risk-based management approach.