Skip to Search
Skip to Navigation
Skip to Content

University of Connecticut University Information Technology ServicesInformation Security Office

Information Security Office - About Us

Our Mission

The mission of the Information Security Office (ISO) is to design, implement and maintain an information security program that protects the University's systems, services and data against unauthorized use, disclosure, modification, damage and loss. The ISO is committed to engaging the University community to establish an appropriate information security governance structure that enables collaboration and support for new information security initiatives.

Contact

The UITS Information Security Office can be contacted by email or phone.
UITS Information Security Office
P: 860.486.4357 (HELP)
E: security@uconn.edu

President Austin’s Message Regarding Information Security

President Austin’s Message Regarding Information Security

To: The University Community

From: Philip E. Austin, Interim President

The problem of identity theft or losses and the risks for such theft or losses are on the rise in our increasingly “wired” world. Security issues at the University have increased over the last several years due to significant growth in data creation and storage, off-campus computing and the use of personal electronic devices. As a result, the University has become vulnerable to the ever-increasing risks of data loss and identity theft.

In light of this reality, I have concluded that UConn must, in the next several months, embark upon a comprehensive and deliberate effort to address computer security concerns. Our focus will be on identifying our vulnerabilities and ameliorating them, both with respect to previously acquired and stored data and data that will be acquired and stored in the future. To this end, I have asked David Gilbertson, our Associate Vice President for Information Technology, and Jason Pufahl, Director of Information Security, to develop a plan to address these concerns for the earliest possible implementation.

At a minimum, it is anticipated that this plan will involve the following components:

  • Identifying all University employees who legitimately need access to sensitive personal information, in particular Social Security numbers, and eliminating use of, or access to, these numbers by all other University employees with a strict process for periodic reviews;
  • Educating and training all University personnel in safe practices for data storage and management;
  • Employing appropriate technological tools and procedures to protect sensitive data on all University websites, servers, computers, laptops, and other electronic devices used by UConn employees, and eliminating or protecting such data as warranted;
  • Developing an on-going security plan for ensuring these appropriate and needed protections are in place moving forward.

I understand addressing these critical issues may expose our vulnerabilities, as well as past practices that were reasonable in a more benign era but now pose unacceptable risks. However, as an institution, we cannot shy away from this task. I am also mindful that this effort may involve some expense for the University, not only in terms of the monetary cost of the technical applications and extra labor, but also in terms of the time that faculty and staff will need to devote to these tasks, including updated training. Nevertheless, given the importance of this challenge and our commitment to the students, employees and alumni whose data we hold, the commitment of such resources is an investment in our future that will yield significant benefits and will ultimately be cost effective.

We will be providing more information on this project in the coming weeks. I regret any inconvenience that may ensue, but I am sure you will appreciate the importance of assuring the highest possible degree of data security. I welcome your cooperation as this plan and its implementation proceed.