Information Security & Assurance (ISA)
ISA supports the following activities:
-
Safeguarding UA's digital assets, data, and networks from potential cyber threats and attacks.
-
Implement and maintain robust security measures to protect against unauthorized access, data breaches, malware, and other security risks.
-
Conduct regular assessments to identify vulnerabilities in systems, applications, and infrastructure and then develop and deploy appropriate solutions to address these weaknesses.
-
Educate staff, faculty, and students about cybersecurity best practices and ensuring compliance with relevant security policies and regulations.
-
Maintain the confidentiality, integrity, and availability of UA's sensitive information and technology infrastructure.
Our Portfolio
Information Security and Assurance has a broad responsibility in support of UA.
Data Privacy & Compliance
Facilitates institutional efforts around data privacy and data-focused compliance.
This includes third-party data privacy incident management, contractual and regulatory
compliance review and assessment activities, etc.
Governance & Strategic Planning
We appreciate active engagement from our constituents, and governance groups provide
one such opportunity. Strategic planning efforts link ISA plans, goals, and objectives
with those of the larger IT groups and with the University System as a whole.
Identity & Access Management
Supports selected activities related to account onboarding/offboarding, lifecycle
management, privilege management, single-sign-on, multi-factor authentication, privileged
account management, federation (InCommon/eduRoam), etc.
IT Risk Management
Leads institutional efforts around IT risk management, conducts routine and ad hoc
assessments, coordinates risk registers and remediation activities, facilitates third
party/vendor risk management efforts, etc.
Records & Information Management
Provides system-wide guidance on records retention and disposition for both physical
and electronic records, supports enterprise content management platform, etc.
Security Operations & Incident Response
Coordinates system-wide security tool deployment and management, administers centralized
security tools, facilitates incident response and things like DMCA complaints, legal
holds, HR investigations, etc.