²ÝÁñÉçÇø

The Office of Information Security (OIS) is dedicated to identifying, assessing, and mitigating risks to safeguard university data, systems, and operations. Through our risk management initiatives, we help ²ÝÁñÉçÇø stay secure, resilient, and compliant with industry standards and regulations.

Risk Assessments

We conduct comprehensive risk assessments to identify vulnerabilities across university systems, ensuring security controls are in place to prevent potential threats before they cause an issue. Risk assessments help ensure ²ÝÁñÉçÇø meets federal, state, and industry security requirements, including:

• FERPA (Student data protection)
• HIPAA (Healthcare information security)
• PCI-DSS (Credit card transaction security)
• NIST & Other Frameworks (Best practices in cybersecurity governance)

Third-Party Risk Management (TPRM)

OIS develops and enforces security policies aligned with Securitas principles to maintain a high level of cybersecurity while enabling academic and research excellence. In addition, we evaluate the security strength level of vendors and third-party partners to ensure they meet ²ÝÁñÉçÇø’s cybersecurity standards before accessing sensitive university data or systems.

Why Risk Management Matters

By proactively managing risks, ²ÝÁñÉçÇø can continue to thrive in a secure digital environment while empowering faculty, staff, and students with the resources they need. In addition, risk management helps to:

• Prevent data breaches and cyber incidents
• Protect sensitive university and personal data
• Ensure compliance with legal and regulatory requirements
• Reduce exposure to financial and reputational damage