The Office of Information Security (ITS-OIS) is the University's information security unit. ITS-OIS works to advance the management of risks related to University information resources and fosters resilient and safe computing environments for the University community.
Chief Information Security Officer
IT Security Office Website
Security Advisory Council
The goal of this council is to ensure that the IT Security Plan is aligned to the needs of the University community, focused on salient education and awareness opportunities, and driven to achieve reasonable, cost-effective, and holistic managment of risks related to University information resources. Read More
Security Awareness Training
The most important part of the University is its community - its faculty, staff and students. That community can't protect data if it doesn't know what the threats are and how to identify them. The Information Security team is responsible for developing a Security Awareness Program that will enable people to identify and address those potential threats.
If you ever have suspicions about a website, an email or a phone call, please call the Help Desk at 828-262-6266.
Intrusion Detection and Security Monitoring
Malware, such as a virus, can infect a computer and steal everything from files to usernames and passwords. The Information Security team identifies those compromised systems and identifies and mitigates attacks against the University's network and servers.
Sometimes things happen that are outside of our control. Snow and ice can cause a loss of electricity or a tornado may destroy an entire data center. To protect against these occurrences, the Information Security team will work with the rest of the campus community to identify those services that are mission-critical and to help design, implement and evaluate a comprehensive Disaster Recovery Plan.
Incident Handling and Management
An "incident" is anything that might result in data being either lost, leaked or unavailable. Examples include an infected laptop, a "hacked" server, someone replying to an email with their username and password and an important file being unintentionally modified on a server. The Information Security team is responsible for coordinating the response to those incidents to minimize the impact on the University community.
As stewards of University data, we are expected to follow best practices and properly safeguard sensitive and critical data - this lowers the risk of an incident and will be based on additional in-depth security training for the people who provide systems that store, process and transmit University data.
The Information Security team will partner with Internal Audits and server administrators across campus to assist them deploying and auditing their systems in compliance with necessary regulations and configuration standards.