Information Security

The Office of Information Security supports App State by improving the identification and management of risks related to university information resources and fostering resilient, safe computing environments for our community.

We achieve our mission through vision, innovation, strong partnerships, broad collaboration and outstanding program services.

Contact

James Webb
Chief Information Security Officer (CISO)
email: security@appstate.edu
website: security.appstate.edu

Services

Policy and Compliance

Help the university maintain compliance with federal law, state law, UNC standards and contractual obligations related to the secure management of information assets by:

  • Overseeing the establishment of policies, standards and guidelines that define university responsibilities and practices for secure information management
  • Providing technical compliance consulting and services for ISO 27002, PCI-DSS, DMCA, FERPA and HIPAA
  • Providing consultative review for IT security compliance issues

Security Awareness

Help university faculty, staff and students remain aware of security threats, relevant guidelines and best practices to manage information security risks, by providing:

  • Online training
  • Role-based training based on university responsibilities and needs
  • Compliance-based training to meet information security compliance needs, including PCI-DSS

Risk Assessment

Evaluate and test software, data procedures and physical environments for potential security issues and help identify potential measures that can lower risks. Risk assessment and security testing services include:

  • Department risk assessment: Help departments identify procedural and technical risks that can lead to information security or business continuity issues
  • Vulnerability scanning: Scan networked devices and servers to identify common security issues and identify needed fixes
  • Software testing: Review software applications and agreements to determine potential security risks
  • Web application testing: Test web applications for common flaws and security weaknesses that might result in a security compromise

Data Forensics

Help preserve electronic information in a forensically sound manner as well as provide analysis of data artifacts. Types of services provided include:

  • Data recovery: Use a number of tools to assist with recovering erased or potentially corrupted files and data
  • Electronic preservation: Provide services when electronic data must be preserved in a manner that is well-documented and ensures data integrity and validation
  • Forensic analysis: Offer services to examine and review data artifacts to help answer questions related to the disposition of university data

Incident Response

Provide value to the university by detecting, coordinating and managing the handling of cybersecurity incidents. Types of services provided include:

  • Attack detection: Provide services to detect cyber-attacks against the university to identify potential security issues and address them responsively
  • Incident coordination: Oversee the coordination of cybersecurity incidents, including their analysis and remediation. We also perform after-action review to capture information regarding attacks and evaluate defensive measures

IT Acquisitions

A collaborative review process by various IT Governance groups administered through the Office of the CIO for software and hardware purchasing and procurement.