The Institute IT Security Program offers many services to Units, Departments, Centers, and individuals; these services are necessary for the normal day-to-day operations of the IT Security Program. By providing consulting and support through these services, the Institute’s Chief Information Security Officer (CISO) is able to help reduce risk to the Institute’s data and IT assets. Should you have questions about how these services can help you, please contact Sandy Lindsey.
The Institute’s Chief Information Security Officer (CISO) works with all covered entities and business associates to ensure compliance is maintained according to HIPAA (Health Insurance Portability and Accountability Act of 1996) regulations, which provide data privacy and security protections for safeguarding medical information.
IT Security Assessment
The goal of a security assessment is to ensure that necessary security controls are integrated into the design and implementation of a project or service. The Institute’s CISO can provide a security assessment that includes documentation outlining any security gaps between the project or service and approved security policies.
IT Security Awareness, Training, and Education
In addition to the required annual training, specialized training can be developed for departments or units upon request. Monthly educational emails are sent to all Institute employees; each topic is relevant to current situations or events, and specific topics may be requested.
IT Security Solutions Design
The Institute’s CISO provides security solutions for requested projects or services based on the NIST standards; Institute policies, plans, and procedures; University policies; applicable laws; and the business needs of the user. Examples include recommendations concerning cloud storage for moderate data such as student records, human health records, or intellectual properties.
The Institute’s CISO validates the compliance of information transferred across the Institute’s networks based on PCI DSS (Payment Card Industry Data Security Standards) regulations by working with each merchant to ensure the proper security controls are in place. Annual on-site assessments are conducted with each merchant to verify full PCI compliance.