Information Security Office
In the University of Chicago Biological Sciences Division (BSD), all elements of academic medicine — basic and translational research, education, and patient care — come together on a single campus. The Office of the CRIO and departmental IT groups provide advanced, secure technologies and services to enable clinical, translational, and basic science research. The security of IT systems and information assets depends on the individuals who manage those resources as well as the individuals who use them. The BSD Information Security Office is committed to supporting the principles of academic freedom and the free exchange of ideas; the BSD’s information security initiatives are intended to support those principles while still maintaining an appropriate level of security.
Our Services
The ISO will provide guidance and tools for implementing process controls on IT-related activities to meet compliance requirements, including support for internal or external audit inquiries related to BSD IT security controls.
The BSD Information Security Office (ISO) can assist you with identifying the security requirements for your project and ensuring that your systems are protecting your data through the Security Assessment and Authorization (SAA) service.
The goals of the SAA processes are to provide a consistent approach for identifying and quantifying security risks of information systems supporting academic and research activities and to provide the BSD with a better understanding of the security risks within the BSD network. Click here for more information on the BSD SAA process.
The ISO will provide consultation to help BSD units respond to security assessment findings; resolve information technology risks, threats, and vulnerabilities; and implement adequate risk mitigation measures. This includes working with departments to establish the security components of projects at any phase of implementation, including security hardware and software to help safeguard data.
The ISO will create, review, and maintain documentation to support information security policies, standards, and guidelines that align with appropriate regulations and industry best practices. Click here for more information on Policies and Standards.
The ISO will coordinate access to QualysGuard scanners and allocate licenses and user accounts to designated business units where there is a demonstrated need for vulnerability scanning. Implementation and support include system scanning of servers, network devices, or workstations. This can be done for individual devices or for whole departments.
The ISO will assist departments in investigating and coordinating appropriate responses for IT security incidents, in collaboration with ITS and UCMIT information security offices, General Counsel, and the HIPAA Program Office.
The ISO will automate aggregation, correlation, and analysis of log data from departmental systems, BSD infrastructure, and other key assets. This includes providing real-time analysis of logs and alerts from security devices, network infrastructure, servers, and other key assets by certified security experts.
The Security Event Monitoring system is available to customers 24/7, excluding planned outages, maintenance windows, and unavoidable events.
The ISO will provide full lifecycle management and monitoring of firewall appliances, including hardware and software components required to provide firewall services.
The ISO will provide security awareness educational materials, including printed materials, online learning modules, presentations, and security product demonstrations for faculty, staff, and researchers. Click here for phishing awareness.