Information Security

BU Information Security is responsible for guiding the University’s effort to protect Sensitive Information and educating the community about cyber security risks.  University operations depend on the effective use of data, powered by reliable and pervasive technology, from laptops and desktops to tablets, smartphones, projectors, printers and the network infrastructure they run on. The increasingly diverse array of connected devices that generate, share, and store our information presents a large and growing challenge for the University to secure.

Guidance for securely handling sensitive information, both in printed and electronic form, can be found on the information security web page, including tips and tricks for securing your systems, security related news and alerts and links to security policies, standards, and guidelines.

Information Security is made up of three main functions:

 

Identity & Access Management

Director: Tammy Pruneau

Responsible for proper controls to protect University resources by enabling a single digital identity to be used across University systems. The IAM Team provides the reliable ability to authenticate and access network resources and support federation of identities with other institutions. The goal of IAM services is ensuring individuals get access to the resources they need efficiently and effectively. In addition the IAM Team is responsible for digital certificate management; application and account security for many central services such as BUworks, Student Systems, OnBase and many others; account and systems security audit functions.

 

Information Security

Director: Tom Grundig

Architecture, Awareness, Engineering

Provides security consulting, including the review of project proposals and plans, to provide guidance on security requirements to ensure the University is protecting sensitive information; conducts architectural assessments; develops and provides security training for the university; develops new tools and technologies for securing the infrastructure and maintains the existing security infrastructure. Oversees communications, training, and outreach in an effort to keep the community informed and updated on best practices for keep data safe at Boston University.

Security Operations Center (SOC)

Responsible for detecting and responding to security incidents and cyber-attacks against the University.  Manages University firewalls; the vulnerability management program; provides cybercrime incident response (IRT) investigative functions, including computer, mobile device and network forensics.

Compliance

Manager: David Corbett

Provides guidance to the university on complying with legal, regulatory, and contractual obligations both in daily operations and in research and clinical efforts.  The compliance team works with IS&T leadership, academic and administrative units, and researchers to increase university awareness of cybersecurity compliance requirements and enable successful deployment of necessary controls.  This team conducts risk and gap assessments, specifying controls, and supporting both internal and external audits and assessments.  When new compliance requirements arise, this team helps to improve university policies, procedures, and standards.