University of Utah Health Sciences Center




ITS Information Security Office Services

Technical Security Implementations

Firewall
Information Technology Services is in the process of implementing a firewall to protect the Intranet from unauthorized external access. This firewall is unique in that up to 25 virtual firewalls can be configured, allowing firewall settings to be customized for individual departments. While ensuring that none of the virtual firewalls provides a weak point in security, we will work with you to determine the most appropriate firewall rules for your area.

ITS VPN Service
A Virtual Private Network (VPN) has been installed and is available for use by the UUHSC Community. The VPN creates an encrypted connection between your PC and the UUHSC's network, once you have authenticated. Requirements for use of the VPN are listed on the link above.

Initiatives and Services

Certification
This is an accreditation process by which a system and all of its security documentation regarding a particular service or resource are captured and compared against established security standards. Certification will be required for all systems, and guidance and oversight will be provided by this office.

IT Business Continuity
The UUHSC has an Emergency Management Plan, part of which is a section dealing with IT infrastructure. We will work with each area to analyze dependencies and data/application criticality and then to define and implement a disaster recovery plan. In the event of a disaster, the Information Security Office will act as liaison to the UUHSC Emergency Management Disaster Manager and coordinate IT systems HSC-wide in support of that process.

Information Access Control (Authentication and Authorization)
The Information Security Office will provide oversight and assistance in the areas of authentication and authorization (access control). We will work with you to develop appropriate categories for determining access to confidential or protected data. This includes development of procedures for authorizing access, establishing access, and modifying access as roles change.

Internal Audit
We will assist departments in ensuring they have appropriate auditing in place (record of access authorizations, logins, file accesses, etc.). We will also work to centralize logging under the supervision of an "intruder detection" program designed specifically for monitoring logs.

Security and Privacy Training Program
ITS will develop and make available a security awareness training program. Click on the above link for more information.

Security Configuration Management
The HSC-ISO will document procedures and work with each department on their implementation to ensure a coherent system of security throughout the organization. These measures and practices include:
  • Documentation (written security plans, rules, procedures, and instructions of each component of security for a resource or service)
  • Hardware and software installation and maintenance review and testing for security features (includes formal and documented procedures for connection and loading new equipment and programs, periodic review of the maintenance occurring on that equipment and programs, and periodic security testing of the security attributes).
  • Inventory process for identification and documenting of hardware and software assets.
  • Security testing procedures (also a section of Security Configuration Management), which include hands-on functional testing, penetration testing, and verification.
  • Virus software implementation and checking

Security Incident Procedures
The Information Security Office has developed reporting procedures for security incidents and is in the process of developing response procedures. Many of these procedures will be formalized in the UUHSC Information Security Policy and will be made available upon completion. You may click on the link above for more information.

Security Management Process
We will develop procedures to ensure systems receive an appropriate risk analysis and subsequent risk management response (steps taken to reduce risk to an acceptable level and maintain that level of risk).

UUHSC Security Policy
The HSC-ISO is responsible for the creation and development of the UUHSC Information Security Policy. The draft policy can be located by clicking on the link above.

UUHSC Policy and Acceptable Use
We will work with HSC IT Administrators to develop additional policy and acceptable use agreements to facilitate end-user understanding of appropriate use of information resources.


University of Utah Health Sciences Center
50 North Medical Drive, Salt Lake City, Utah 84132