Information Security & Assurance (ISA)

ISA supports the following activities:

  • Safeguarding UA's digital assets, data, and networks from potential cyber threats and attacks.
  • Implement and maintain robust security measures to protect against unauthorized access, data breaches, malware, and other security risks.
  • Conduct regular assessments to identify vulnerabilities in systems, applications, and infrastructure and then develop and deploy appropriate solutions to address these weaknesses.
  • Educate staff, faculty, and students about cybersecurity best practices and ensuring compliance with relevant security policies and regulations. 
  • Maintain the confidentiality, integrity, and availability of UA's sensitive information and technology infrastructure.
About Us

Our Team, Governance, Opportunities to get Involved

Documentation

Program Information, Standards, and Supporting Content

Our Services

View and Request Services from our Interactive Service Catalog

Security Matters

Be a part of the solution!

Our Portfolio

Information Security and Assurance has a broad responsibility in support of UA. 

 

  Data Privacy & Compliance
Facilitates institutional efforts around data privacy and data-focused compliance.  This includes third-party data privacy incident management, contractual and regulatory compliance review and assessment activities, etc.



  Governance & Strategic Planning
We appreciate active engagement from our constituents, and governance groups provide one such opportunity.  Strategic planning efforts link ISA plans, goals, and objectives with those of the larger IT groups and with the University System as a whole.

  Identity & Access Management
Supports selected activities related to account onboarding/offboarding, lifecycle management, privilege management, single-sign-on, multi-factor authentication, privileged account management, federation (InCommon/eduRoam), etc.

  IT Risk Management
Leads institutional efforts around IT risk management, conducts routine and ad hoc assessments, coordinates risk registers and remediation activities, facilitates third party/vendor risk management efforts, etc.



  Records & Information Management
Provides system-wide guidance on records retention and disposition for both physical and electronic records, supports enterprise content management platform, etc.



  Security Operations & Incident Response
Coordinates system-wide security tool deployment and management, administers centralized security tools, facilitates incident response and things like DMCA complaints, legal holds, HR investigations, etc.