OIT STRATEGIC ROADMAP
Protecting Our Institutional Data
As the world becomes more mobile and accessible online, threats to UCI institutional information, resources and privacy are increasing. The Office of Information Technology continues to rise to the challenge. Security is not a centralized vault that can be locked shut from intruders, but a shared responsibility, a unified effort where all parties contribute. UCI is expanding successful shared services and technologies on a macro level, while simultaneously empowering users with tools to protect their systems and data from vulnerabilities on an individual level.
Defense In Depth: People, Process, Technology
UCI's security initiatives are designed to maximize risk-informed data protection. The vision is to combine proven, robust platforms with intuitive processes that embed security seamlessly within the delivery of UCI’s teaching, learning, community and research missions.
UCI’s growing Security Operations Center is designed to enable proactive detection of vulnerabilities and early signs of potential of potential breaches. This initiative includes retiring legacy tools and moving to enterprise class platforms, including a Security Information and Event Management (SIEM) system, allowing analysts to see correlations more efficiently, and recognize risks more quickly.
Our ability to protect data on a micro level is expanding. UCI is building on successful deployments of FireEye end-point security and Duo two-factor authentication. FireEye will now protect all high-risk systems, while Duo coverage grows to include VPN and Office 365, and ultimately include the entire UCI student population.
Preparing our researchers to meet increasing cyber standards from funding agencies, including the Department of Defense and Department of Justice, will ensure UCI continues to receive critical grant money. Working in concert with researchers to evaluate security levels needed for proper data protection, and providing environments that meet them, enables principal investigators to continue receiving grants using data that needs more security controls than they ever have before. The Security team, in partnership with the Office of Research and the Research Cyberinfrastructure Center (RCIC) will focus on increasing awareness of security and compliance requirements and developing shared services for expanded data security in research.