Information security

ISO services include:

• Training on IT compliance, computer and network security, IT security and privacy issues, and best practices

• Consultations with project managers and system administrators in the design and implementation of new services

• Mock phishing exercises and IT security awareness videos and trainings for faculty and students

We can help interpret the ever-changing world of IT security policies and procedures, and oversee technical, IT security, and privacy audits.

At the University of Utah, everyone must follow Policy 4-004, which aims to protect the university’s IT resources and systems, and data, including that of students, faculty, staff, guests, patients, vendors, and more.

For a high-level explainer covering this policy, please access this Node 4 article.

In response to IT security incidents, we use an array of tools and procedures to:

• Identify and contain the source
• Minimize adverse impacts
• Restore service as quickly as possible
• Investigate the root cause.

We provide data forensic services for U entities and outside agencies as needed, and work closely with the Governance, Risk & Compliance (GRC) group, UIT Leadership, and IT governance committees on initiatives to improve IT security standards at the U.

The IAM group ensures appropriate access, role-based provisioning, authentication for individuals, and manages identity and access issues for internal and external users.

We monitor the U’s networks and information systems for potential data loss or sensitive information stored inappropriately, using state-of-the-art IT security tools to monitor for cybersecurity attacks and blocking or mitigating those threats as needed.

We evaluate the IT security of systems by performing authorized cybersecurity reviews to identify vulnerabilities and provide recommended mitigating controls.