Information security protects the University's sensitive information (Protected Health Information, Personal Identity Information, Student Directory and Financial Information, etc.). Effective information security is essential to maintaining an organization's credibility as a responsible steward of privileged information.
- Address the substantial security issues associated with mobile computing devices from both the technical and behavioral perspectives.
- Adopt automated logging consolidation, analytics, and alerting to streamline and simplify the identification of security threats at the network and server levels.
- Improve non-Windows security management, focusing in particular on Macintosh personal computers and Solaris servers.
- Investigate the applicability of advanced authentication technologies (biometric scans, token or proximity cards, two-factor, etc.) in various settings (office, clinical, and others) and develop strategies for advanced authentication across KUMC.
- Develop a comprehensive plan for addressing web application security issues, including emerging technologies such Web 2.0.
- Establish the necessary framework to assure KUMC's ability to prevent, respond to, and mitigate security incidents.
- Assure KUMC's ongoing compliance with existing legal and regulatory requirements pertaining to data security.
Major objectives (an objective is ongoing if no target deadline is included)
- IS-8: Implement additional Macintosh computer security standards comparable to our Windows strategies, including Mac encryption. Due by 4/30/2013 (MF, SC)
- IS-16: Assure compliance with Payment Card Industry Data Security Standards (PCI-DSS). (SC)
- IS-20: Develop formal security standards and auditing practices for our database servers. (Oracle completed; SQL in progress). Due by 12/31/2013. (SC)
- IS-25: Implement mobile device management (MDM) to support secure management of KUMC data on personal devices. Due by 12/31/2013. (SC)
- IS-26: Identify and implement a secure cloud storage solution in support of BYOD initiatives. Due by 12/31/2013. (SC)
Apr 03, 2013