Information Security

Information Security (IS) is the most recent addition to the Information Technology Services family. The Information Security team is responsible for designing and implementing a comprehensive Information Security (IS) Plan to protect the digital assets of the University community.

Contact

James Webb
Chief Information Security Officer
828-262-6277
webbjt@appstate.edu

It Security Office website

https://security.appstate.edu

Services

Security Advisory Council

The goal of this council is to ensure that the IT Security Plan is aligned to the needs of the University community, focused on salient education and awareness opportunities, and driven to achieve reasonable, cost-effective, and holistic managment of risks related to University information resources. Read More

Security Awareness Training

The most important part of the University is its community - its faculty, staff and students. That community can't protect data if it doesn't know what the threats are and how to identify them. The Information Security team is responsible for developing a Security Awareness Program that will enable people to identify and address those potential threats.
If you ever have suspicions about a website, an email or a phone call, please call the Help Desk at 828-262-6266.

Intrusion Detection and Security Monitoring

Malware, such as a virus, can infect a computer and steal everything from files to usernames and passwords. The Information Security team identifies those compromised systems and identifies and mitigates attacks against the University's network and servers.

Disaster Recovery

Sometimes things happen that are outside of our control. Snow and ice can cause a loss of electricity or a tornado may destroy an entire data center. To protect against these occurrences, the Information Security team will work with the rest of the campus community to identify those services that are mission-critical and to help design, implement and evaluate a comprehensive Disaster Recovery Plan.

Incident Handling and Management

An "incident" is anything that might result in data being either lost, leaked or unavailable. Examples include an infected laptop, a "hacked" server, someone replying to an email with their username and password and an important file being unintentionally modified on a server. The Information Security team is responsible for coordinating the response to those incidents to minimize the impact on the University community.

Configuration Review

As stewards of University data, we are expected to follow best practices and properly safeguard sensitive and critical data - this lowers the risk of an incident and will be based on additional in-depth security training for the people who provide systems that store, process and transmit University data.

The Information Security team will partner with Internal Audits and server administrators across campus to assist them deploying and auditing their systems in compliance with necessary regulations and configuration standards.