BU Information Security is responsible for guiding the University’s effort to protect Sensitive Information and educating the community about cyber security risks.  University operations depend on the effective use of data, powered by reliable and pervasive technology, from laptops and desktops to tablets, smartphones, projectors, printers and the network infrastructure they run on. The increasingly diverse array of connected devices that generate, share, and store our information presents a large and growing challenge for the University to secure.

Guidance for securely handling sensitive information, both in printed and electronic form, can be found on the information security web page, including tips and tricks for securing your systems, security related news and alerts and links to security policies, standards, and guidelines.

Information Security is made up of four functions:

• Architecture, Engineering & Compliance – Provides security consulting, including the review of project proposals and plans, to provide guidance on security requirements to ensure the University maintains compliance with regulations protecting sensitive information and with industry best practice; conducts risk assessments; develops new tools and technologies for securing the infrastructure and maintains the existing security infrastructure.
• Identity & Access Management Team (IAM) – Responsible for proper controls to protect University resources by enabling a single digital identity to be used across IS&T systems. The IAM Team provides the reliable ability to authenticate and access network resources, and support federation of identities with other institutions. The goal of IAM services is to simplify and streamline the user experience.
• Incident Response Team (IRT) – Responsible for detecting and responding to security incidents and cyber attacks against the University; manages the vulnerability management program; provides cyber crime investigative functions, including computer, mobile device and network forensics.
• Security Operations – Responsible for maintaining operational security for the University, including maintenance of the University firewalls; digital certificate management; application and account security for many central services such as BUworks, Student Systems, OnBase and many others; account and systems security audit functions; and operational improvement projects with security implications