IT Risk Program
Overview
Like many top-tier universities, information technology at UChicago is largely a distributed endeavor, with many units and divisions supporting the technology needs of the campus community. While this can provide some benefits, it can also mean duplication of services across campus, inefficient or sub-optimal use of resources, increased risk, and decreased visibility into a range of valuable service offerings.
The Office of the CIO, in collaboration with the Offices of the Provost and CFO, is taking a proactive approach to understanding how IT is leveraged by the University community and what measures the IT enterprise can take to reduce IT risk and maximize the impact of the institution’s overall IT investment in support of research, teaching, and business operations.
IT Risk Program
A significant factor in the University’s current IT security risk profile is related to the distributed nature of IT systems, oversight, and management across campus. Three IT Risk initiatives in the areas of data centers, end-user devices, and web properties, will strengthen IT security practices and increase efficiency, while improving service delivery and support for the research, teaching and learning, and business operations of the University.
The IT Risk Program focuses on ensuring data and systems are managed in professionally-operated data center environments; laptops and desktops are managed with common standards and reporting practices; and University web properties are secure, accessible, and well-maintained.
The Scope
The IT Risk Program spans three broad project areas, including:
Data Centers
Server rooms and their machines will be secured through a process of inventory, risk review, remediation, and in some cases, relocation. This work reduces the likelihood of data breaches, operational downtime, and data loss.
End-User Devices
End-user devices will be secured through common practices such as firewalls, anti-virus, encryption, and backup. These practices guard against external breaches and protect the privacy of research and university data, especially in an era of zero-day exploits.
Websites
Websites will be secured through policies and resources which address site patching, upkeep, accessibility, and brand observance. These processes protect the online reputation of the University.