OIT services in the spotlight: Security and Compliance
Mar 22, 2019
Cyber criminals around the world have discovered new ways to exploit university software and network vulnerabilities. Fortunately, the University of Colorado Denver | Anschutz Medical Campus has the benefit and knowledge of our Security and Compliance team who is on the job overseeing the confidentiality and integrity of our information systems.
The Security and Compliance team consists of two distinctive groups working diligently to protect the university: Risk and Compliance and Security Operations. The business of keeping the university “safe” is no small task and is led by director Sean Clark, an information technology veteran with more than 20 years of experience at CU. “We have a large volume of valuable data, including Personally Identifiable Information (PII), financial information, intellectual property and electronic Protected Health Information (PHI). Breaches are on the rise in higher education – we work to help reduce the likelihood of a breach and to minimize the impact when (not if!) such a breach occurs,” explained Clark.
The Risk and Compliance team focuses on the compliance and risk management side of the equation, including HIPAA (healthcare data), PCI (credit cards) and FERPA (student data), and is responsible for:
- Performing campus level risk analyses and managing security and compliance awareness programs for both campuses
- Creating strategies and implementing plans to document campus compliance to various regulations
- Providing guidelines and best practices to document school and department compliance efforts
- Reviewing applications and cloud services to determine if the vendor or software application meets the university's needs for security and compliance
- Security processing including data access requests and timely termination of employee access when an employee leaves the university
Security Operations focuses on the technical controls and processes to detect and remediate threats to both campuses, including managing:
- Network security systems, which involves the Intrusion Prevention Systems (IPS) and firewalls, and also consists of:
  - searching for malicious traffic and compromised systems and remediating any problems
  - helping ensure the university has strong logging, monitoring, alerting and Security Information Event Management (SIEM) in place
  - coordinating internal data sources so that they can effectively and efficiently respond to threats and compromises
- Endpoint security (antivirus solutions) and vulnerability management (evaluating servers and other network devices to ensure that they are up-to-date on patches and appropriately configured)
- Encryption server and password management systems
Together, the Security and Compliance team serves as a trusted partner with other campus units to drive university initiatives such as working to ensure security measures for programs and services are maintained and developing a university-wide effort to create a consistent IT purchase review process across all campuses.
Leading security efforts that include protecting institutional and personal data for students, faculty and staff on two large campuses, as well as working with our healthcare partners to protect patient information, could keep a person up at night. So, what are the big issues Clark worries about on a restless evening? “Many of the breaches that occur in higher education are combinations of insider and outsider threats, such as an external attacker who sends a targeted spear phishing email and then uses the gathered credentials to gain access to the university network and attack internal servers and IT systems,” Clark adds. Rest assured, his team is hard at work addressing security and compliance issues, both old and new.
Security is a shared responsibility for everyone at the university. To learn more about security and compliance at CU Denver | Anschutz, please visit us at www.ucdenver.edu/securecampus.
This is the fifth article in the series OIT Services in the Spotlight. For an overview of more services offered by OIT, watch the CU Productions video on our YouTube channel or visit our website: oit.ucdenver.edu.