CITS

A New Information Security Collaborative has been Formed

October 30, 2014   |  By Chris Phillips

Facing what is historically the most perilous time in information systems security, UMB has combined resources to combat mounting computer security threats and to meet the needs of the growing number of users who work across organizational boundaries.

It is the responsibility of IT Leaders to establish and administer a program that adheres to Federal, State, University, and other mandatory security rules, requirements, and guidelines. The Affiliated Information Security Collaborative is a coalition developed by technology leaders and includes University schools and central offices and the UM Medicine IT Network (SOM, FPI, and UMMS). This leadership group will establish and share operational policies, practices, and procedures that result in effective information security and the protection of information assets, protected health information, and patient and employee personal information. The Security Collaborative will establish an Information Security Working Group as a means of coordinating activities that respond to information security vulnerabilities, risks, and cyber-attacks that cross operational intersections.

The Collaborative is launching an Information Security Program and Assessment Plan that will touch all areas of the campus. The central units that will be reviewed first are departments that manage student, financial and human resources data. They are:

  • Registrar
  • Institutional Research and Accountability
  • Financial Aid
  • Financial Services
  • Human Resources Services
  • Sponsored Projects Accounting and Compliance
  • Public Safety
  • Parking Services

The Office of Security and Compliance, located in the Center for Information Technology Services (CITS), has developed a comprehensive sequence of activities to perform information security risk assessments in these offices. The Information Security Officer (ISO) will analyze all of the information collected to determine how secure these critical data assets are. A report will be prepared and shared with the Chief Information Officer and Vice President (CIO/VP) and University Leadership. The report will include findings; a list of assets, threats and vulnerabilities; a risk determination; recommended controls; and a cost-benefit analysis. The ISO will propose appropriate mitigation for any areas identified as weak or where standard security procedures and federal requirements are not implemented. The target date for completing the assessment of these units is August 31, 2014.

The same process will also be used to conduct control reviews for new systems not yet implemented.

Separate reports of the findings from the assessments conducted in University schools and departments and by the UM Medicine IT Network will be shared with the Information Security Work Group, the CIOs, and executive leadership as needed and appropriate. Common areas of risk as well as successful security strategies, processes, and practices will be shared to ensure that all mandatory information security requirements are met and to avoid duplication of effort. This will strengthen information security policies, practices, and solutions, and ensure coverage across the enterprise.

For even more information on the Security Collaborative, select this PowerPoint presentation about the Collaborative:

Security Collaborative Presentation