Resources 

Security Best Practices Documents

 

Enterprise Information Security Program - revised May 2009

First developed in May 2003, this program is a collection of policy statements, an architecture model, and a description of the approach taken at the University of Iowa for information security. Together, it describes administrative, operational, and technical security safeguards that must be implemented for systems that create, maintain, house, or otherwise use confidential or sensitive information.

• Information Security Program

  
  

E-Discovery -What is E-Discovery and ESI?

 

Hawk IRB -Information Security Guidance for researchers

The Uiowa System Registry (USR for short)

A helpful web-based application which allows system administrators to register their system(s) with the IT Security Office.

• The Uiowa System Registry

  
  

Identifying Social Security Numbers with Identity Finder
Identity Finder is a UI supported tool used to identify Personally Identifiable Information (PII), in data files and e-mail messages. Identity Finder is capable of searching for financial information, SSNs, and other sensitive data. For a complete list of features and FAQs on Identity Finder visit (http://helpdesk.its.uiowa.edu/security/identity).

License agreements make these products available to University of Iowa departments to be used on UI owned machines for UI related business, including a single installation of the product for home use for non-commercial use only.

The installer is available from the Help Desk software download site.

Please visit http://cio.uiowa.edu/ssn.shtml to find out how you can further protect SSNs.

Encryption Guidelines 

Encryption is required for level 3 highly sensitive institutional data stored on mobile devices and external network transport.

• Encryption Guidelines

  
  

Guidelines for Classifying Institutional Data

A guide to assist Business Owners to determine institutional data's relative sensitivity. Based on its sensitivity level, certain information security controls are required to appropriately secure the data.

• Classification Guidelines

Health Insurance Portability and Accountability Act of 1996

• HIPAA Security Regulations Compliance

Disaster Recovery Planning Resources

• UI Disaster Recovery and Business Continuity Planning Resources

  
  

Computer Security Protections Checklist

A guide to the computer security measures that must be employed to protect sensitive institutional data, and which are recommended for non-sensitive institutional data. The checklist also includes a number of web resources to assist with application of the security meaures. 

• Security Protections Overview

Network Security Tool Kit
This collection of tools will help you clean up compromised or infected machines.

SSL Server Certificates Service

SSL certificates are available at substantially reduced cost for production UI servers needing communications security, through a program jointly offered by the ITS Software Office and the IT Security Office.  

• Certificate Service, Request Form, Pricing

Network Security Scanning Service

The University will generate a network security vulnerability report on any system on the UI network.  Department  NSC's will receive the report if the system owner cannot be verified.  Complete details of the scanning program are also available. 

• Request a Scan 

Site-Licensed Publications

The "pdf" document resources below have been purchased for general use by the University of Iowa community. All faculty, staff, and students affiliated with The University of Iowa are licensed to download, view, and/or print these reference documents. The license for these documents does NOT allow sending them to others via electronic mail, printing or photocopying the documents and giving or mailing them to others, or otherwise sharing them with anyone who is not affiliated with The University of Iowa.  NOTE: Adobe Acrobat Reader version 5.0 or later is recommended for viewing these documents. See Adobe for a copy of this software.

• Linux.1 - Securing Linux: Step By Step V1.0 (Part One)
• Linux.2 - Securing Linux: Step By Step V1.0 (Part Two)
• Win2000 - Securing Windows 2000 Step by Step V1.
• Solaris - Solaris Security Step By Step V2.0
• Incident Handling - Computer Security Incident Handling Step by Step V1.5

Iowa Computer Emergency Response Team

Developed in March 2004, the following paper describes the function, and structure of an Iowa CERT team.  This group would be mobilized and available to assist in the event of a serious computer security incident event for the campus.

•   I-CERT Program

•   I-CERT Flowchart (pdf)

  
  

UI Enterprise Security Architecture 

In March of 1998, a campus-wide Information Technology Security Team completed 18 months of tasks and study by publishing an Enterprise Security Architecture document. It catalogs the state of campus IT security at that time, as well as recommendations for improvement. 

• ESA

 

UI Home | UI A-Z Search | UI Phonebook/Email | Contact Us

Copyright © The University of Iowa. All rights reserved.