The Information Security team is responsible for the protection of sensitive information at Boston University. Everyone at BU uses a wide variety of computing technology every day, from desktops and laptops to portable electronic devices like tablets and smartphones – and an increasing amount of sensitive information resides on these devices. A major part of what Information Security does is to help the University better understand how to properly secure those computing and electronic resources. Guidance for securely handling sensitive information, both in printed and electronic form, can be found on the information security web page, including tips and tricks for securing your systems, security related news and alerts and links to security policies, standards, and guidelines.
Information Security is made up of three groups:
- Security Operations – Responsible for maintaining operational security for the University, including maintenance of the University firewalls; digital certificate management; application and account security for many central services such as BUworks, Student Systems, OnBase and many others; account and systems security audit functions; and operational improvement projects with security implications.
- Engineering, Planning, and Architecture – Provides security consulting, including the review of project proposals and plans, to provide guidance on security requirements to ensure the University maintains compliance with regulations protecting sensitive information and with industry best practice; conducts risk assessments; develops new tools and technologies for securing the infrastructure and maintains the existing security infrastructure.
- Incident Response Team (IRT) – Responsible for detecting and responding to security incidents and cyber attacks against the University; manages the vulnerability management program; provides cyber crime investigative functions, including computer, mobile device and network forensics.