Office of Information Technology

ISO 17799/27001

The UNLV Information Security Office is structured to follow the International Organization for Standardization (ISO) 17799/27001 security standard. This standard contains best practices in policy and procedures for the following areas of information security management:

  1. Risk Assessment and Treatment
  2. Security Policy
  3. Asset and Acceptable Use Management
  4. Student and Personnel Security
  5. Physical and Environmental Security
  6. Communications and Operations Management
  7. Access Control
  8. Information Systems Acquisition, Development and Maintenance
  9. Information Security Incident Management
  10. Business Continuity Management
  11. Compliance


Services

The following services are offered by the Information Security Office:

  • Security Organization Liaison with: Law enforcement, other universities, and other external groups.
  • Policy Development & Initiatives:
    • Formal InfoSec Rules: Policy research, preparation, and periodic review.
    • InfoSec Training & Awareness: research, preparation, assistance, delivery and evaluation of security awareness programs.
  • University Liability or Risk Protection:
    • Contextual Misuse & Liability: address issues of trademarks and copyrights (Digital Rights Management), defamation, privacy, libel, slander, and misuse.
    • Cyber crime: address issues of incidental computer use and use of computers to commit a crime.
    • Digital/Cyber Investigations & Digital Forensics.
    • Regulatory Compliance: address the issues of State, Federal and local regulations, statutes, and codes for digital information protection and use.
    • Security Auditing: auditing of organizational compliance with policies, procedures and practices, including their effectiveness.
  • Alerts & Advisories:
    • Monitoring and evaluation of external alerts.
    • Issuing internal security alerts for systems, networks, and applications.
  • Incident Handling: monitoring, performing and assisting in response to security incidents.
  • Security Advisory/Consulting: service or assistance to other University organizations.

The Office also works with other units on aspects of:

  • Risk Management:
    • Risk Analysis: examining all of the potential threats and risks against an asset, assigning a severity factor, and determining a method, level and cost of protection.
    • Physical Security: examining the physical security requirements for IT facilities and personnel work areas.
  • Asset Management: examining IT assets for types of information, assigning a classification, and determining the criticality of the information.
  • Computer Security Operation (SOC services):
    • Access Security: monitoring online, remote and wireless access to systems and networks.
    • Incident Response: monitoring and providing first response to security incidents.
    • Intrusion Protection: monitoring technology and effectiveness.
    • Perimeter Security: monitoring technology and effectiveness.
    • Security Planning: systems, networks, and applications.
    • Security Technology & IT Procurement: application of security requirements and evaluations.
    • System Security: monitoring technology and effectiveness.
