You are here:

Information Security Office (ISO)

The Information Security Office (ISO) continuously strives for daily operational excellence to ensure the confidentiality, availability, and integrity of University of Utah information technology systems and data through exploitation of appropriate security resources and best practices.

Helpful Links

 Enroll in 2FA

ISO Quick Links

Tips to Staying Secure Online All Year Long 

Cybersecurity Month

Beware of phishing

 Noteworthy News

Windows SMB server security advisory

A high-risk security vulnerability is currently being exploited in the wild. The vendor released a patch for this vulnerability in March 2017.

ISO strongly recommends installing the Windows security update. Instructions about the patch can be found on the Microsoft support site:

ISO is actively looking across the U environment for vulnerable systems. For more information, visit the following sites:  

If you have any questions, please contact your designated help desk or one of the help desks listed below: Campus Help Desk: 801-581-4000. University Hospital/Health Service Desk: 801-587-6000.

Dr. Randy Arvay named CISO

The University of Utah has hired Randall (Randy) J. Arvay as the new chief information security officer, effective May 22, 2017. Arvay comes to us from The University of Mississippi Medical Center, where serves as CISO.

Randy Arvay, CISO

 Meet Your Colleagues: ISO Security Assurance

ISO Security Assurance

Guarding against thousands of cyber attacks each week keeps Colby Gray, Security Assurance manager in UIT's Information Security Office, and his dedicated team of security analysts busy.

Read the full Node 4 Article


Information Security Policy 4-004

Information Security Policy 4-004, including its accompanying rules has been fully enforceable since April of 2016. If you have questions or concerns, please contact


UConnect vs. UGuest

Students, faculty, and staff: UConnect is our secure, wireless network. UGuest is not. Always use UConnect when connecting to the network.

First time connecting to UConnect? Follow these instructions.

Secure those passwords! 

Is your password secure enough? Easy-to-guess, "weak" passwords are the main way malicious hackers gain access to system information. Keeping passwords safe and hard to guess is critical to ensure information is not compromised.

Familiarize yourself with the University of Utah's password requirements and guidelines.


MS-ISAC Advisories can be found HERE.

US-CERT Alert (TA17-075A)
HTTPS Interception Weakens TLS Security

Original release date: March 16, 2017

Systems Affected: All systems behind a hypertext transfer protocol secure (HTTPS) interception product are potentially affected.

US-CERT Alerts can be found HERE.

Last Updated: 5/16/17