New IT Security Policy and Overview

Marc Hoit, Interim Associate Provost for IT

An overview of the updated information security regulations is scheduled for Tuesday, April 19, 2005, 9:30 am to 11:30 am in room 282 of the Reitz Union. Please encourage IT workers in your unit to attend.

Significant updates to UF information security policies, standards, and procedures are included in a new document called the UF Information Technology (IT) Security Regulations, http://www.it.ufl.edu/policies/security/. The regulations are developed and maintained by the Information Security Management subcommittee (ITAC-ISM) of the IT Advisory Committee (ITAC). They were recommended by ITAC and approved by the Vice Provost for IT (VPIT) in November.

The regulations are intended to address security needs and goals for the university. They are effective as issued today. Implementation should begin immediately and compliance is expected by Friday, July 1, 2005.

The Charter is a new section of the regulations that defines a new role called Information Security Administrator (ISA). This role is one of authority and was created to work with the existing Information Security Manager (ISM) role, which is one of responsibility. Deans or Directors are the default Level 2 Unit ISAs. This authority may be delegated to another administrative position. The intent is to provide administrative connection and authority to enact, budget and enforce IT security that your unit security managers develop.

Security is an ongoing and rapidly changing issue for any organization dependent on information resources, perhaps none more so than universities. With this in mind, I expect these regulations to continue to evolve and I look forward to working with all units to provide the highest level of security.