About IT Security
Information Technology Security means protecting information and information systems from unauthorized access, disclosure, disruption, modification, or destruction.
While the term "computer security" may focus on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer, in most cases, IT security focuses on data, networks and systems and has three primary goals.
Colleges and universities amass a great deal of information. Most of this information is now collected, processed, and stored on computers and transmitted across networks. In some cases, protecting this information is a legal requirement and in others, it is necessary to be compliant with industry standards such as PCI or HIPAA.
For Radford University, the Code of Virginia as well as certain U.S. Codes require that effective IT security measures be in place. The Information Security Officer is responsible for developing, coordinating and managing the University’s information security program. The ISO duties are as follows:
- Develop and manage an information security program in a manner commensurate with risk.
- Develop and manage an Intrusion Detection System (IDS) program in a manner commensurate with risk.
- Develop and maintain an information security awareness and training program for University IT users with access to sensitive systems, networks or data, including contractors and IT service providers. Require that all sensitive IT system users complete required IT security awareness and training activities prior to, or as soon as practicable after, receiving access to sensitive systems, and no less than annually thereafter.
- Verify and validate that all University IT systems, networks and data are classified for sensitivity and maintain awareness of the security status of sensitive IT systems.
- Implement and maintain the appropriate balance of preventative, detective and corrective controls for University IT systems commensurate with data sensitivity, risk and systems criticality.
- Mitigate and report all IT security incidents in accordance with 2.2-603 of the Code of Virginia and take appropriate actions to prevent recurrence.
- Provide solutions, guidance, and expertise in IT security matters.
- Review and approve System Security Plans that provide adequate protections against security risks or disapprove System Security Plans that do not provide adequate protections against security risks, and require that the System Owner implement additional security controls on the IT system to provide adequate protections against security risks.
- Perform annual internal reviews and vulnerability assessments for all identified sensitive systems.
- Develop and lead a Computer Security Incident Response Team (CSIRT) to prepare for intrusions and threats.
- Provide annual role-based training to system owners, data owners, system administrators and application administrators.
IT security is an ongoing effort that strives to protect university systems, networks and data. For more information, contact Radford University's Information Security Officer.