Skip redundant pieces
Information Resources
Information Resources  :  Strategic Initiatives : Information Security

IR Strategic Initiatives


Information Security

Information security protects the University's sensitive information (Protected Health Information, Personal Identity Information, Student Directory and Financial Information, etc.).  Effective information security is essential to maintaining an organization's credibility as a responsible steward of privileged information. 

Strategic directions

  1. Address the substantial security issues associated with mobile computing devices from both the technical and behavioral perspectives.
  2. Adopt automated logging consolidation, analytics, and alerting to streamline and simplify the identification of security threats at the network and server levels.
  3. Improve non-Windows security management, focusing in particular on Macintosh personal computers and Solaris servers.

Major objectives (an objective is ongoing if no target deadline is included)

  • IS-4: Implement a “security event manager” to analyze and summarize the voluminous data we get from security logs (thus alerting us to potential security issues) sometime during FY2009. (SC)
  • IS-5: Upgrade our firewall by December 31 2008 concomitantly with the network upgrade described in NC-2 – NC-5 above. (MF)
  • IS-7: Enhance current vulnerability (“patch”) management practices to include all non-Microsoft operating systems and applications by December 31 2008. (SC)
  • IS-8: Implement additional Macintosh computer security standards comparable to our Windows strategies by June 30, 2009. (SC, MF)
  • IS-9: Investigate the applicability of advanced authentication technologies (biometric scans, token or proximity cards, two-factor, etc.) in various settings (office, clinical, and others) and develop strategies for advanced authentication across KUMC by June 30 2009. (MF, SC)
  • IS-10: Develop formal security standards and auditing practices for our database servers and web servers (including web applications) by December 31, 2008. (SC)
  • IS-11: Implement password crypting and firecall by June 30, 2008. (SC)
  • IS-13: Complete initial iteration of software license compliance process within University departments by June 30, 2008. (JLB)
  • IS-14: Rewrite the current Central Server Database to upgrade it to newer technology and to provide workflow capability.  When completed, the system will track information about servers from purchase through disposal by June 30, 2008.  (JW, SC)