Skip to main content
Sign In

IT Services, Information Technology Services


IT Security and Compliance Team


Effective information security in the context of real-world problems will only be achieved through a user-centric approach that integrates appropriate technical and administrative controls with functional user awareness and training.


The mission of IT Security and Compliance is to safeguard the confidentiality, integrity, and availability of university information systems by providing proactive security expertise, creating and maintaining a robust security architecture and fostering a culture of security awareness throughout the university.


The IT Security and Compliance Team works towards these goals by providing the following services:

    • Management and administration of the campus network security devices: Firewalls, Intrusion Prevention Systems, Web Security Appliances, etc.
    • Monitoring and analysis of network traffic for anomalous behavior, including detection of compromised systems and leakage/loss of confidential and/or regulated data
    • Baselines and configuration standards that are based on industry best practices, grounded in university policy, and customized to meet the needs of the universitys unique Information Technology environment
    • HIPAA Compliance: guidance and consultation to help departments and units demonstrate their compliance
    • PCI (credit card) Compliance: standards, guidance and consultation to assist department merchants with demonstrating their compliance to the PCI Data Security Standard (PCI DSS)
    • Incident handling and response services, including forensic evaluation of systems that have been compromise and processing of lost or stolen computing devices.
    • Security assessments, including assessments of systems that contain private data and monthly scans of computing systems to assess patching and configuration
    • Providing guidance and education for LAN Admins, system administrators and developers on securing their applications and computing resources
    • Firewall Penetration Requests - reviewing penetration requests, scanning and remediating system prior to penetration approval
    • Phishing Awareness and Response - providing awareness material for campus users about phishing; managing web and email security controls for incoming phishing messages

Useful Links:

Compromised Accounts

Current university Phishing Advisories

How to determine if an email is a phishing attack

How to report a lost or stolen device (e.g., laptops, iPads and data storage devices)

Firewall Penetration Requests

CU System Policies and Procedures

University Policies


© The Regents of the University of Colorado, a body corporate. All rights reserved.

Accredited by the Higher Learning Commission. All trademarks are registered property of the University. Used by permission only.