Who We Are
OIT Security & Compliance (S&C) is your partner in protecting the university from cyber attacks such as phishing and many other devious, malicious tactics aimed at stealing our identities, money, data, and even our reputation. We cannot do it alone. We need every member of The Pack to do everything possible, at all times, to protect both personal and university data.
Please visit our websites regularly and seek out our guidance whenever you are uncertain about how to operate securely. We provide consulting and operational services along with recommendations and assistance regarding strategies for licensing, compliance, and protection of the university’s information technology assets.
Security & Compliance mission: Monitor, protect and secure the university’s IT infrastructure, data and operations; safeguard the privacy of the university community; and maintain compliance with applicable laws, licenses and regulations.
S&C Core Values: Accuracy, Accountability, Availability, Integrity, Respect, Openness
NOTE: S&C accomplishments and areas of focus are provided in our annual reports.
S&C Teams
- Information Security Risk & Assurance (ISRA)
- Cybersecurity Operations (CyberSecOps)
- Vendor Risk & License Management (VRLM)
NOTE: While the Portfolio, Project and Process Services (PPPS) team continues to be a collaborative partner, they have moved from S&C to OIT Outreach, Communications and Consulting (OCC) as of May 2023.
ISRA Services and Responsibilities
- Review and evaluate new and revised regulations and contracts for IT security and privacy requirements.
- Develop plans, projects, analyses and reports to verify the university’s compliance and then document any gaps in accordance with ISO/IEC 27002, which is the common information security framework recommended at the University of North Carolina system level.
- Perform assessments of how well the university meets various compliance requirements.
- Create and update university IT Regulations and Standards, including the Computer Use Regulation, the Data Management Procedures Regulation and the associated Data Classification Statement.
- Update the IT aspects of the university Records Retention Schedule.
- Work with the Office of General Counsel in planning for e-discovery and developing IT aspects of other university regulations.
- Improve the university’s stance on computer security and privacy aspects of identity management and data sensitivity projects.
See the Information Security Risk & Assurance web page for more details.
CyberSecOps Services and Responsibilities
- Secure Computing:
  - Data Protection
  - Multifactor Authentication Solutions
  - Network Security Monitoring
  - Password Vault
  - SSL Certificate Management
  - Vulnerability Scanning and Pen Testing
  - Web Application Security Testing
- Security Consulting and Education:
  - General Security Consultation
  - Security Architecture
  - Security Review
- Security Incident Response and Investigation:
  - Digital Forensics
  - Security Incident and Response
  - Security Support Services
SLM Services and Responsibilities
- Software Licensing
- IT Purchase Compliance Management
- License Risk Assessment
- License Asset Management
- SAS Grant Administration
- Analysis of campus software needs, interests and directions
- Creating a cooperative and fair software-purchasing partnership with various campus partners
- Collaboration with the UNC-GA on university system-wide software licenses
See the Vendor Risk & License Management web page for more details.