Purpose

The mission of the University Information Security Office is to support education and research by coordinating incident response and advocating secure practices. The office reports to the Office of the Vice President for Information Technology through the Deputy Chief Information Officer.

Values

• We believe information security is a team sport.
• We believe the best solutions are practical and evidence-based.
• We believe measurement and reporting are vital to a safe computing environment.

What We Do

Success in information security is a sustained reduction in the impact of security incidents. We help by coordinating incident response, reporting on safeguard adoption, and providing a foundation for units to protect data and IT resources. In consultation with the University's Information Security Advisory Committee, we deliver security awareness and training; track compliance with requirements; isolate infected devices on the network; and provide expertise about new technologies and compliance areas, such as HIPAA and PCI.

Organizational units value serving users as best as they see fit. Policy IT 3.00–Information Security empowers them to meet security requirements by implementing protections in ways they deem most appropriate.

Some data are subject to regulatory and legal requirements external to the university. The university itself is subject to the state of South Carolina's Information Security and Privacy Standards, maintained by its Division of Information Security. Organizational units are responsible for implementing adequate safeguards based on their data's classification, and the Information Security Office tracks their progress. Our office also supports units' Security Liaisons in prioritizing and planning protections.

To contact the University Information Security Office, please open a ticket through ServiceNow.