The purpose of any organization's Information Security Office is to ensure that the organization's information and systems are effectively safeguarded in a manner compliant with its legal and contractual obligations. Unfortunately, across many institutions, information security often has been considered purely a technical endeavor - solely the concern of technology support staff. Certainly, a key component of any information security program is technology. There are computer viruses and anti-virus solutions to fight them. There are firewalls to block unexpected network traffic, encryption software to make data unreadable to unauthorized individuals, tools to monitor the network for suspicious activity and many more.
But here are the facts. Numerous surveys indicate that a vast majority of all information security breaches are caused by human error, primarily the result of a lack of awareness among information handlers about threats to information and effective methods of countering those threats. All the technology in the world cannot completely eliminate the risk that just one individual, tricked by an almost perfectly crafted, forged e-mail message, will respond with a valid ID and password or open a virus-laden attachment. Many notorious hackers pride themselves on their psychological and sociological expertise just as much as their technological prowess.
So, the only way that any information security program can be truly effective is when ALL members of the University community proactively work together to ensure that the information either created by or entrusted to the University is appropriately protected.
How can we make that happen? Through a principled approach that requires the Information Security Office to:
- Serve as advisor, guide, educator, strategist and coordinator,
- Engage technical novices, wizards and everyone in-between,
- Maintain an information-centric security program where:
  - The sensitivity of the information drives technology and procedural decisions, and
  - Protection strategies consider all media, both digital and physical, that may carry the sensitive information,
- Focus on the customer's needs, partnering to find the most cost-effective ways to achieve his or her department’s objectives securely.
We’re committed to carrying these principles forward. All we need is your understanding, commitment and help, to have the best chance of keeping the University’s information and systems safe.
Mission and Objectives of the Information Security Office
The Information Security Office has been established to ensure that the information either created by or entrusted to the University, wherever it is located, is protected in a manner that is commensurate with the information's confidentiality, integrity and availability requirements. To this end, we collaborate with and serve all members of the UHCL community - faculty, staff, students and other affiliates - in their efforts to protect the University's information and systems.
The Information Security Office's objectives include:
- Assisting University personnel in the development of effective technological and procedural
- Identifying and addressing information risk,
- Complying with information security-related legal and contractual obligations,
- Promoting information security awareness among faculty, staff, students and other members of the UHCL community through:
  - An information security-focused web site,
  - Formal training sessions,
  - Campaigns and promotional materials,
- Evaluating the security of proposed departmental and enterprise-wide solutions, and providing effective, business-sensitive alternatives where necessary,
- Coordinating University-wide information security program efforts,
- Managing cross-functional security projects,
- Monitoring compliance with the University's information security-related policies and its legal and contractual obligations,
- Ensuring that any weaknesses in the University's information defenses are promptly and appropriately remediated.
If you suspect that University information is at risk or has been compromised, please contact the UCT Support Center immediately.
If you have any questions or comments about information security, are planning to implement technology to help you with your business or academic tasks, need information security awareness training for your staff, or would like a "security check-up" for your area to ensure your information is protected appropriately, please contact: Anthony Scaturro, UHCL Information Security Officer, firstname.lastname@example.org.