Information Security

The Office of Information Security (OIS) is the University's information security unit. OIS works to advance the management of risks related to University information resources and fosters resilient and safe computing environments for the University community.


James Webb
Chief Information Security Officer

OIS Website


Security Advisory Council

The goal of this council is to ensure that the IT Security Plan is aligned with the needs of the University community, focused on salient education and awareness opportunities, and driven to achieve reasonable, cost-effective and holistic management of risks related to University information resources. Read More

Security Awareness Training

The most important part of the University is its community - its faculty, staff and students. That community can't protect data if it doesn't know what the threats are and how to identify them. The Information Security team is responsible for developing a Security Awareness Program that will enable people to identify and address those potential threats.

If you have suspicions about a website, an email or a phone call, please call the Help Desk at 828-262-6266.

Intrusion Detection and Security Monitoring

Malware, such as viruses, can infect a computer and steal everything from files to usernames and passwords. The Information Security team identifies those compromised systems and identifies and mitigates attacks against the University's network and servers.

Disaster Recovery

Sometimes things happen that are outside of our control. Snow and ice can cause a loss of electricity or a tornado may destroy an entire data center. To protect against these occurrences, the Information Security team will work with the rest of the campus community to identify those services that are mission-critical and to help design, implement and evaluate a comprehensive Disaster Recovery Plan.

Incident Handling and Management

An "incident" is anything that might result in data being either lost, leaked or unavailable. Examples include an infected laptop, a "hacked" server, someone replying to an email with their username and password and a critical file being unintentionally modified on a server. The Information Security team is responsible for coordinating the response to those incidents to minimize the impact on the University community.

Configuration Review

As stewards of University data, we are expected to follow best practices and properly safeguard sensitive and critical data - this lowers the risk of an incident and will be based on additional in-depth security training for the people who provide systems that store, process and transmit University data.

The Information Security team will partner with Internal Audits and server administrators across campus to assist them in deploying and auditing their systems in compliance with necessary regulations and configuration standards.