Security Framework Assessment

Project Description: The goal of the Security Framework Assessment program is to measure the information security maturity of campus IT units once a year.  The Information Assurance team will help unit IT staff complete a questionnaire about their unit’s practices and policies and secure unit leadership’s approval of the results.  Information Assurance will compile the resulting data, present it to University leadership and Audit Committee members regularly, and refer to it during various audit processes.

Project Purpose/Business Need:

  • The University’s vendors, funding partners, auditors, and insurers routinely request information about the University’s security posture.  Currently, there is no good way to comprehensively communicate how well the University protects the data with which it is entrusted.
  • University IT staff need to be aware of and to be able to communicate their unit’s information security strengths and weaknesses.  Completed assessments will provide our staff with structure and context that will help them prioritize improvements and justify requests for time and resources.

Project Scope: Given the goal of providing a comprehensive picture of security practices, any University unit with a significant security attack surface (independent management of servers, end user devices, highly regulated data, etc.) will be asked to participate.

IT Partners Impacted by Project:

  1. Housing Technology
  2. Facilities Services
  3. Research Computing Center
  4. Secure Data Enclave
  5. Procurement and Payment Services
  6. Divinity School
  7. Graham School
  8. Library
  9. Manic Lab/Accelerator Bay
  10. Institute for Mathematical and Statistical Innovation
  11. Mathematics/Statistics
  12. Center for Advanced Radiation Sources
  13. Astronomy
  14. Computer Science
  15. Animal Resource Center
  16. Office for Shared Resource Facilities
  17. Comprehensive Cancer Center
  18. Center for Research Informatics
  19. Radiology
  20. Center for Translational Data Science
  21. Logan Arts Center
  22. UChicago Creative
  23. UEI IT
  24. Crown School of Social Work, Policy, and Practice
  25. Harris School of Public Policy
  26. Physical Sciences Division IT
  27. Financial Math
  28. JFI
  29. EFI
  30. College IT
  31. Laboratory Schools
  32. Law School
  33. Oriental Institute
  34. Urban Labs
  35. ARD
  36. Department of Safety and Security
  37. Humanities
  38. Pritzker School of Molecular Engineering
  39. Press IT
  40. Social Sciences Computing Services
  41. BSD Information Services
  42. BSD Information Security
  43. Chicago Booth School of Business
  44. IT Services

View Monthly Status Reports (cnetid required)

Skills

Posted on

November 2, 2021

Submit a Comment

Your email address will not be published. Required fields are marked *