Security Consulting and Assessment

Securing workstations, servers, and other devices in a University atmosphere can be a challenge. The KU network is constantly being probed for vulnerabilities. In addition, new initiatives for security in grant environments, federal regulations, such as HIPAA, FERPA and GLBA, have required much more stringent guidelines for security. Please contact ITSO at 864-8080 or itsec@ku.edu to learn how we can assist your department in developing, planning and designing security protocols in your environment.

Security Consulting

The IT Security Office offers security consulting to help University customers understand and compy with best practices. Most importantly, we help protect your data and systems.

The Security Office staff will arrange time to discuss strategies and/or methods for securing your environment and reducing your exposure to the outside world. This may include working with third-party vendors for application security.

Security Assessments

Risk management is the ongoing process of identifying risks—whether accidental or malicious—to information assets and implementing plans to address and mitigate those risks. Often, however, the number of assets potentially at risk outweighs the resources available to manage them. It is therefore extremely important to know where to apply available resources to mitigate risk in a cost-effective and efficient manner. Risk assessment is the part of the ongoing risk management process that assigns relative priorities for mitigation plans and implementation.

There are many points to consider in the design, implementation, and goals of a Risk Assessment Methodology.

  • Risk assessment should be thought of as an ongoing process, not as a one-time project. The process is described as a set of steps that are continually repeated. At the outset, however, there is a startup process that usually is not repeated.
  • Conducting a university-wide information risk assessment is a process that will require strong commitment from upper administration and collaboration between cross-functional units. Assessing information risks is a management issue, not a technology issue; therefore, to be most effective, the process should be considered the responsibility of all members of management.
  • In light of current and pending federal and state legislation, it is imperative for universities to recognize that information risk management must be part of their strategic planning.
  • Due to the complexities of a university environment, a university-wide information risk assessment requires planning and, more importantly, a strategy that systematically increases the scope of the information risk assessment until it encompasses all university areas.
  • An effective university information risk assessment needs to become a part of the culture of the university community, involving not only IT-staff but also all staff, administrators, faculty, and students. Education and awareness efforts should be aimed at all of these constituencies.
  • Effective risk management practices require a "risk aware" culture: universities need to expand their information security training and awareness programs to emphasize the importance of adopting risk management principles.
  • A sound risk management program can serve as the basis for prioritizing and resolving possible funding conflicts.

The IT Security Office uses a risk assessment methodology called the OCTAVE method.

 



 


Technology Help
IT Knowledgebase
Knowledge Base
FAQs & more
Phone support
785-864-8080
Phone support
itcsc@ku.edu
itcsc@ku.edu
Support via email
Virtual Service Desk
Virtual Service Desk
Online help

Have comments or ideas on how we can serve you better? Send us your feedback!

 

One of 34 U.S. public institutions in the prestigious Association of American Universities
26 prestigious Rhodes Scholars — more than all other Kansas colleges combined
Nearly $290 million in financial aid annually
1 of 9 public universities with outstanding study abroad programs.
—U.S. News & World Report
46 nationally ranked graduate programs.
—U.S. News & World Report
Top 50 nationwide for size of library collection.
—ALA
$275 million in externally funded research expenditures
23rd nationwide for service to veterans —"Best for Vets," Military Times