Project Description: The goal of the Security Framework Assessment program is to measure the information security maturity of campus IT units once a year. The Information Assurance team will help unit IT staff complete a questionnaire about their unit’s practices and policies and secure unit leadership’s approval of the results. Information Assurance will compile the resulting data, present it to University leadership and Audit Committee members regularly, and refer to it during various audit processes.
Project Purpose/Business Need:
- The University’s vendors, funding partners, auditors, and insurers routinely request information about the University’s security posture. Currently, there is no good way to comprehensively communicate how well the University protects the data with which it is entrusted.
- University IT staff need to be aware of and to be able to communicate their unit’s information security strengths and weaknesses. Completed assessments will provide our staff with structure and context that will help them prioritize improvements and justify requests for time and resources.
Project Scope: Given the goal of providing a comprehensive picture of security practices, any University unit with a significant security attack surface (independent management of servers, end user devices, highly regulated data, etc.) will be asked to participate.
IT Partners Impacted by Project:
- Housing Technology
- Facilities Services
- Research Computing Center
- Secure Data Enclave
- Procurement and Payment Services
- Divinity School
- Graham School
- Library
- Manic Lab/Accelerator Bay
- Institute for Mathematical and Statistical Innovation
- Mathematics/Statistics
- Center for Advanced Radiation Sources
- Astronomy
- Computer Science
- Animal Resource Center
- Office for Shared Resource Facilities
- Comprehensive Cancer Center
- Center for Research Informatics
- Radiology
- Center for Translational Data Science
- Logan Arts Center
- UChicago Creative
- UEI IT
- Crown School of Social Work, Policy, and Practice
- Harris School of Public Policy
- Physical Sciences Division IT
- Financial Math
- JFI
- EFI
- College IT
- Laboratory Schools
- Law School
- Oriental Institute
- Urban Labs
- ARD
- Department of Safety and Security
- Humanities
- Pritzker School of Molecular Engineering
- Press IT
- Social Sciences Computing Services
- BSD Information Services
- BSD Information Security
- Chicago Booth School of Business
- IT Services
View Monthly Status Reports (cnetid required)