IT Security
Information Security & Compliance
The Department of Information Security & Compliance (ISC) assesses IT security risks and controls to ensure compliance, and we identify opportunities for improvement. The Division of Information Technology develops and promotes resources for safe computing practices, including:
Information Security – Collaborates with the campus community to protect the integrity of campus information technology infrastructure, mitigating risks and losses associated with security threats while supporting access to technology. IT Security provides risk, threat analysis, alert, vulnerability monitoring, investigation, and advisory services for the University's computing and information assets to improve preventative, detective, and corrective controls. IT Security also collaborates with faculty and students to support teaching, learning, and research related to IT cybersecurity.
Information Compliance – Facilitates information to improve the efficiency and effectiveness of the internal controls and assessment processes, monitor regulations for new or changed requirements, and coordinate with internal and external auditors to ensure compliance. Assists senior management in identifying IT-related control gaps and associated remediation plans and ensures that policies and procedures are current. We maintain core IT risk processes according to industry standards/frameworks (e.g., ISO27001-2, COBIT, ITIL, NIST, etc.). Compliance requirements include, but are not limited to, FERPA, HIPAA, PCI DSS, Section 508, GLBA, the Red Flag Rule, and GDPR.
Business Continuity and Disaster Recovery – Work with the University community to establish IT disaster recovery and business continuity criteria and plans.
Accessible Technology – Leadership, oversight, and coordination for the campus implementation of the CSU's Accessible Technology Initiative (ATI) to comply with Section 508, WCAG 2.1 AA, and WAI-ARIA. It includes each of the three priority areas of ATI: web accessibility, instructional materials accessibility, and procurement.
Resources
- Visit the Report an IT Security Concern page for information on reporting an incident.
- For security tips see eHelp's Information Security article.
- For additional information, view our Policies, Procedures, and Guidelines page.