information security in the context of real-world problems will only be
achieved through a user-centric approach that integrates appropriate technical
and administrative controls with functional user awareness and training.
of IT Security and Compliance is to safeguard the confidentiality, integrity,
and availability of university information systems by providing proactive
security expertise, creating and maintaining a robust security architecture and
fostering a culture of security awareness throughout the university.
IT Security and Compliance Team works towards these goals by providing the
- Management and administration of the campus network security devices: Firewalls, Intrusion Prevention Systems, Web Security Appliances, etc.
- Monitoring and analysis of network traffic for anomalous behavior, including detection of compromised systems and leakage/loss of confidential and/or regulated data
- Baselines and configuration standards that are based on industry best practices, grounded in university policy, and customized to meet the needs of the university's unique Information Technology environment
- HIPAA Compliance: guidance and consultation to help departments and units demonstrate their compliance
- PCI (credit card) Compliance: standards, guidance and consultation to assist department merchants with demonstrating their compliance with the PCI Data Security Standard (PCI DSS)
- Incident handling and response services, including forensic evaluation of systems that have been compromised and processing of lost or stolen computing devices
- Security assessments, including assessments of systems that contain private data and monthly scans of computing systems to assess patching and configuration
- Providing guidance and education for LAN Admins, system administrators and developers on securing their applications and computing resources
- Firewall Penetration Requests - reviewing penetration requests, scanning and remediating systems prior to penetration approval
- Phishing Awareness and Response - providing awareness material for campus users about phishing; managing web and email security controls for incoming phishing messages
Current university Phishing Advisories
How to determine if an email is a phishing attack
How to report a lost or stolen device (e.g., laptops, iPads and data storage devices)
Firewall Penetration Requests
CU System Policies and Procedures