Skip to main content


McMicken HJall


Collaborate with and serve the university community by enabling protection of information assets and supporting the academic and research objectives of the university.

Core Security Functions

To fulfill our mission, the IT@UC Office of Information Security offers four primary areas of support to UC:

  • Governance & Compliance
  • Education & Awareness
  • Information Security Risk Management
  • Cyber Incident Response & Forensics

Governance & Compliance

  • Lead the Information Security and Compliance Governance Committee to pursue and establish information security best practices that enable the university to meet its core mission
  • Establish university information security policies, standards, procedures, and guidelines to facilitate availability, integrity, and confidentiality of data
  • Collaborate with internal and external partners on projects pertaining to information security
  • Integrate information security into the university's academic, research, and administrative processes

Education & Awareness

  • Promote information security through collaboration with students, university academic and administrative units, and strategic partners
  • Integrate with the university's on-boarding program to educate new hires on information security essentials
  • Provide specialized training programs to meet various compliance needs
  • Coordinate periodic campus wide shredding events
  • Develop tomorrow's information security professionals through traditional classroom experience, hands on learning, and community engagement
  • Foster responsible digital citizenship within a modern society

Information Security Risk Management

  • Develop and provide tools to university units to assess their information security risk posture
  • Engage with key strategic partners to enable the university to achieve its objectives by limiting information security risk exposure
  • As requested, perform security reviews of enterprise technology services and vendor vetting prior to implementation
  • Perform regular system vulnerability assessments and communicate results to asset custodians
  • Provide digital asset protection capabilities and support to technical units across the institution
  • Facilitate and validate issuance of digital security certificates
  • Continuously review inquiries from the university community and respond in accordance with internal procedure
  • Once disaster recovery capabilities are in place, review and modify the program continuously to address lessons learned following test execution, recovery event, or significant changes

Cyber Incident Response & Forensics

  • Proactively monitor critical university systems for indicators of compromise and malicious activity
  • Identify, triage, and facilitate response to events negatively effecting the availability, integrity, and confidentiality of university assets or data
  • Maintain the integrity of university's digital environment by isolating vulnerable or compromised digital systems
  • Serve as the university's Information Security Incident Response Team (ISIRT) and engage other relevant parties when unauthorized activity to university computing or network resources, equipment, or data is suspected
  • Provide expertise to support digital forensic analysis upon the request from the UC Office of General Counsel, Internal Audit, Public Safety, Human Resources, or another authorized party