Skip to main content

Information Security Office 

In accordance with Utah System of Higher Education USHE Policy R345, the Information Security Office (ISO) is responsible for the development and maintenance of a security strategy for Utah State University's IT Resource systems, risk assessments, compliance with ISO policies and guidelines, resolutions to information security incidents and data interaction. This strategy applies to all organizations within the University and includes electronic, hardcopy, and other information formats.

The ISO continuously strives for daily operational excellence to ensure the confidentiality, availability, and integrity of Utah State University information technology systems and data through exploitation of appropriate security resources, best practices, and compliance efforts. 

The ISO Team works in partnership with the University, as well as external entities, to help ensure that Utah State University is only exposed to acceptable risk within its educational, research, and community outreach missions.  Our responsibilities include:

  • Develop policies and procedures to secure information and prevent the loss of information that is critical to the operation of the University.
  • Educate the University on security policies, procedures, and security strategies
  • Recommend network and security device configuration  to prevent the compromise of information security and the misuse of University data, applications, networks and computer systems
  • Coordinate the remediation of operational vulnerabilities across network, system and processing environments
  • Implement and enforce baseline perimeter security practices endorsed for institutions by federal, state, and local government agencies, and national organizations.
  • Identify and respond to incidents
  • Work with IT administrators to identify and contain security breaches, threats, and vulnerabilities
  • Providing education and training on security tools, technical vulnerabilities, trends, and approved best practices
  • Conduct risk assessments, evaluate systems, and business practices