It is the mission of the UC Information Security Department to safeguard the sensitive data of our students, faculty and staff. To protect the Confidentiality, Integrity, Availability and Privacy of the business critical and regulated data needed by the University of Cincinnati in order to fulfill its mission. To protect the reputation of the University by proactively identifying existing vulnerabilities, by ensuring the remediation of those vulnerabilities and by investigation of Information Security incidents.
About UC's Information Security Department
Information Security reports directly to the Chief Information Officer(CIO) and the AVP of Public Safety. We are responsible for safeguarding the Confidentiality, Availability and Integrity of the information collected and maintained by the University.
Mark Faulkner is the interim AVP for the Office of Information Security at the University of Cincinnati. He provides direction and leadership in regards to Information Security Awareness campaigns, Risk Management, Cyber Crime investigations and the establishment of Information Security Policies, Standards and Guidelines.
- Mark Faulknet
- Interim AVP for Information Security, University of Cincinnati
- University Hall
- 51 Goodman Drive
- PO Box 2100658
- Cincinnati, Ohio 45221-0085
- E-mail: infosec@uc.edu
Services
The Information Security office at UC offers both consulting and investigative services. If you would like to review a system or business process for security or if you believe there has been a violation of information security, please contact our offices. Requests for any of the following services should be sent to infosec@uc.edu
Services Offered:
Awareness - Web page development, Posters, Presentations and Consulting on Awareness Campaigns
Training - Short courses on a variety of topics targeted at various groups
Informal Audits - These policy and legal compliance checks must be requested by the Dean, Assistant Dean or a Director level person at the site to be audited
Consulting - Have your application, system or process reviewed.
Consulting for New Projects - If you are starting a project, get us involved early! The earlier, the easier and cheaper it will be to build in compliance.
Vulnerability / Risk Assessments - Code Evaluation, Penetration Testing, Consulting, more
Investigations - Forensic analysis of computer systems, Copyright, more
Request an SSL Certificate - This will allow for a secure connection from your web server
Identity Management
Request Access to the Mainframe - Online
Request Access to the Mainframe - If you do not have access to UC email (printable request form)
To request functions, use this link.
If you have any questions about mainframe access, contact mainsec@uc.edu for assistance.
If you have any further questions, you may contact Information Security
Policies
UC Information Security Policies
Information security policies underpin the security and well being of information resources. They are the foundation, the bottom line, of information security within any institution. The university Information Security policies are formal statements that specify a set of rules that all users must follow when gaining access to the UC’s information and information systems.
To sort by a column just click on the appropriate column header
| Policy # | Policy Name | Policy Text | Status |
|---|---|---|---|
| Policy 9.1.6 | Acceptance of Risk Policy For forms and more click here |
Proposed | |
| Policy 9.1.7 | Clean Desk Policy Policy | Proposed | |
| Policy 9.1.25 | Data Center Visitor Tours | Proposed | |
| Policy 9.1.1 | Data Protection Policy Data Classification & Data Types Minimum Safeguards Data Protection and Encryption at UC Printer Trade-in and Disposal Advice |
Approved | |
| Policy 9.1.5 | ASP Programming Security Implementation | Proposed | |
| Policy 9.1.8 | Email Retention Policy | Proposed | |
| Policy 9.1.9 | Employee Verification Policy | Proposed | |
| Policy 9.1.1 | Full Disk Encryption Policy | Proposed | |
| Policy 9.1.10 | HIPAA Coverage Policy | Proposed | |
| Policy 9.1.11 | Information Security Emergency Response Policy | Proposed | |
| Policy 9.1.12 | Information Security Forensic Investigation Policy | Proposed | |
| Policy 9.1.23 | Password Policy | Proposed | |
| Policy 9.1.27 | Information Security Design & Architecture Review | Approved | |
| Policy 9.1.13 | Password Reset Policy | Proposed | |
| Policy 9.1.4 | PII Production Data Use | Proposed | |
| Policy 9.1.14 | Privileged Access Policy UC InfoSec F41 Privileged Access Agreement |
Proposed | |
| Policy 9.1.15 | Remote Authentication into Sensitive Accounts Policy | Proposed | |
| Policy 9.1.16 | Security Awareness and Education Policy | Proposed | |
| Policy 9.1.17 | Security Data Retention Policy | Proposed | |
| Policy 9.1.18 | Suspension of Accounts Policy | Proposed | |
| Policy 9.1.19 | System Level Account Policy | Proposed | |
| Policy 9.1.20 | Trusted Entity Policy | Proposed | |
| Policy 9.1.21 | Umbrella Information Security Policy | Proposed | |
| Policy 9.1.2 | Vulnerable Systems Policy | Approved | |
| Policy 9.1.31 | Computer Locking Policy | Approved | |
| Policy 9.1.48 | Server Security Baseline Standard | Proposed | |
| Policy Number | Policy Name | Policy Text | Status |
What is necessary for the success of Security Policies:
For the above security policies to succeed they must follow these guidelines:
- Management must support the policies.
- The policies must be technically feasible.
- The policies must be implemented globally throughout the institution.
- The policies must clearly define responsibilities for users, faculty, administrators and management.
- The policies must be flexible to adapt to changing technologies and institution goals.
- The policies must be understandable.
- The policies must be widely distributed.
- The policies must be enforceable.
- The policies must provide sanctions for users violating the policies.
- The policies must contain a response plan for when security breaches are exposed.
Upcoming Events
Coming in October: Information Security Awareness Week
Stay tuned for more details!
Contact Us
Via E-mail: infosec@uc.edu
Via Phone: 513-558-ISEC(4732)