Skip to main content

About

Colleges and universities amass a great deal of information. Most of this information is now collected, processed, and stored on computers and transmitted across networks. In some cases, protecting this information is a legal requirement and in others, it is necessary to be compliant with industry standards such as PCI or HIPAA.

For Radford University, the Code of Virginia as well as certain U.S. Codes require that effective IT security measures be in place.  The Information Security Officer is responsible for developing, coordinating and managing the University’s information security program.

ISO Duties

  1. Develop and manage an information security program in a manner commensurate with risk.
  2. Develop and manage an Intrusion Detection System (IDS) program in a manner commensurate with risk.
  3. Develop and maintain an information security awareness and training program for University IT users with access to sensitive systems, networks or data, including contractors and IT service providers. Require that all sensitive IT system users complete required IT security awareness and training activities prior to, or as soon as practicable after, receiving access to sensitive systems, and no less than annually, thereafter.
  4. Verify and validate that all University IT systems, networks and data are classified for sensitivity and maintain awareness of the security status of sensitive IT systems.
  5. Implement and maintain the appropriate balance of preventative, detective and corrective controls for University IT systems commensurate with data sensitivity, risk and systems criticality.
  6. Mitigate and report all IT security incidents in accordance with 2.2-603 of the Code of Virginia and take appropriate actions to prevent recurrence.
  7. Provide solutions, guidance, and expertise in IT security matters.
  8. Review and approve System Security Plans that provide adequate protections against security risks or disapprove System Security Plans that do not provide adequate protections against security risks, and require that the System Owner implement additional security controls on the IT system to provide adequate protections against security risks.
  9. Perform annual internal reviews and vulnerability assessments for all identified sensitive systems.
  10. Develop and lead Computer Security Incident Response Team (CSIRT) to prepare for intrusions and threats.
  11. Provide annual role-based training to system owners, data owners, system administrators and application administrators.

Maecenas volutpat in sapien sit amet venenatis. Vivamus dapibus dignissim justo, non hendrerit eros maximus ut. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. Vivamus lobortis, turpis fermentum vehicula porttitor, erat est pellentesque libero, eu posuere risus eros sed orci. Duis tempus sodales purus, id posuere mauris malesuada lacinia. Etiam vestibulum, nisl ut interdum sodales, urna diam sodales ex, et ornare velit turpis in sapien. Integer placerat pulvinar lacus quis fringilla. Ut bibendum faucibus vehicula. Pellentesque sagittis ipsum sed nulla mollis efficitur. Vivamus accumsan auctor interdum. Vestibulum viverra dui finibus, convallis ex aliquam, interdum magna. Aliquam sagittis vulputate rutrum.

Training Programs

Updates to the Security Awareness Training

A new training platform, KnowBe4, has replaced the previous SANS training in Litmos. This new platform will provide guidance on safely using University technology, and allow users to meet the annual requirement.

Radford University requires all team members to complete SANS Security Awareness Training annually in order to protect university systems, networks, and sensitive data from cybersecurity threats.  This helps ensure that all users understand their responsibilities in maintaining a secure IT environment. 

In addition to general awareness training, the University provides annual role-based training for System Owners, Data Owners, System Administrators, and Application Administrators. These specialized training programs aim to establish a proper understanding of university security standards and best practices.

New employees must complete the IT Security Awareness Training within 30 days of starting employment.

IT Security Best Practices

Learn simple cybersecurity habits that help protect personal information, university systems, and digital resources from common online threats.

  • Phishing

    Phishing is a common cyberattack that uses fake emails, messages, or websites to steal sensitive information. Avoid clicking links or attachments, and verify unexpected requests before responding.

  • Internet Safety

    Internet Safety involves using the web responsibly to help protect personal and university information. Avoid suspicious websites and downloads, use secure connections, and be cautious when sharing sensitive information online.

  • Password Security

    Password security helps protect accounts and sensitive information from unauthorized access. Use strong, unique passwords, avoid sharing credentials, and enable multi-factor authentication whenever possible.

Digital Millenium Copyright Act (DMCA)

The Digital Millennium Copyright Act (DMCA) is a United States copyright law that criminalizes unauthorized access to and distribution of copyrighted works. It also criminalizes the act of circumventing access controls, whether or not there is actual infringement of copyright. The DMCA strengthens the penalties for copyright infringement on the Internet.

In addition to violating the University's Acceptable Use Policy [PDF], unauthorized distribution of or access to copyrighted material, including peer to peer file sharing, may subject students, faculty, and staff to civil and criminal liabilities.

The Information Security Officer (ISO) is the Registered DMCA Agent for Radford University and is listed as such in the United States Copyright Office Directory of Service Provider Agents. In order to be considered a valid DMCA notification, copyright holders must submit DMCA notifications to the ISO. Upon receiving a valid DMCA notification, the ISO will actively investigate and report findings to the Dean of Students (for alleged student infringement) or Human Resources (for alleged faculty/staff infringement) for review and possible disciplinary actions.

Radford University encourages and supports the use of legal downloading services. Educause maintains a list of these services.

    Apply NowPlan a Visit