Information Security Operations (ISO)
Security Operations
Security Operations is responsible for the day-to-day implementation and operation of the security tools and methodologies required by the University’s tactical security framework and needed to achieve the University’s strategic security goals. The teams work in partnership with University entities, helping to ensure that the University of Utah is exposed only to acceptable risk within its educational, research, patient care and community outreach missions.
Security Operations develops and maintains operational plans, policies, and procedures in support of University strategy, including the special needs of core service providers (e.g. Administrative Computing, Hospitals and Clinics, and the Office of Information Technology). Tactical approaches and project priorities will be coordinated with the Compliance Office. Areas of responsibility include:
- Incident identification and response, including correctly identifying and evaluating incidents to distinguish hoaxes, true incidents, and alerts in a timely manner, and escalating incidents as required.
- Working with IT administrators to identify and contain security breaches, threats, and vulnerabilities.
- Conducting forensic analysis of security incidents.
- Coordinating with internal and external organizations to resolve network security issues.
- Producing reports and generating alerts as necessary.
- Keeping up to date on the latest security information, including security vendors' products.
- Security assessments and evaluation of penetration testing tools and procedures.
- Planning, organizing, and maintaining an effective Security Operations team composed of qualified personnel, properly trained in their respective jobs.
- Maintaining security event and discovery/detection tools.
- Performing ongoing review and maintenance of Security Information and Event Management (SIEM) tool logging and alerting.
- Monitoring network traffic for anomalies and proactively investigating them.
- Monitoring University networks to identify and proactively prevent unauthorized use from both internal and external sources.
- Monitoring intrusion detection and prevention systems.
- Creating daily reports for IT administrators and end users (flows, etc.).
- Education and training on tools, addressing technical vulnerabilities, etc.
- Supporting the development and implementation of CIRT procedures, guidelines, and checklists.
- Performing periodic vulnerability assessments across the network and information systems processing environment.
- Vulnerability scanning and assisting IT administrators in addressing or mitigating vulnerabilities.
- Coordinating the remediation of vulnerabilities across the network and information systems processing environment.
- Making recommendations for network and security device (IDS/IPS/firewall) configuration changes based on various inputs, including vulnerability assessment results.
- Monitoring security bulletins, determining applicability, and coordinating action plans.
- Reporting metrics, issues, incidents, etc., and making recommendations on policies, procedures, standards, and best practices to the Compliance Office.