Security Consulting and Compliance
General Security Consulting
The IT Security Office provides recommendations for implementing security controls on computing devices. The office consults on new or existing projects, issues, and equipment to provide best-practice recommendations for security architecture and the implementation of specific security controls.
If you have questions or need assistance on items not listed below, please call the IT Security Office (5-6332) or email: it-security@uiowa.edu
Credit Card Handling (PCI-DSS) Standards Compliance
Technical analysis and assistance to ensure compliance with security standards for handling credit cards on all campus systems.
FISMA Compliance
A general guide to resources, policy information and descriptions encompassing the overall (enterprise) information security environment at The University of Iowa.
Individual units are expected to develop plans which are scoped to the specific environment requiring the completion of a System Security Plan (SSP), as a requirement of the Federal Information Security Management Act (FISMA) of 2002.
Information resources for Faculty and Staff (both clinical and non-clinical) on how to safeguard the health information they work with.
Active evaluation of a resource's security using a combination of automated tools and manual methods to breach the security of the system.
Scanning for Sensitive Institutional Data
Second Level support for Identity Finder software which scans computers to locate files that contain sensitive data such as SSNs, credit card numbers, and passwords.
Security Reviews and Assessments
The IT Security Office performs evaluations of computer systems and provides recommendations to improve security or reach compliance with regulations.
If you have questions, need assistance or a consultation, please call the IT Security Office (5-6332) or email: it-security@uiowa.edu
Frequently visited resources
Defense in Depth Security Strategy: http://itsecurity.uiowa.edu/bestprac/Defense-in-Depth.shtml
Information Technology Policy Repository: http://cio.uiowa.edu/policy
IT Security Resources, Services, and Information: http://itsecurity.uiowa.edu
University of Iowa Operations Manual: http://www.uiowa.edu/~our/opmanual/
- Family Education Rights and Privacy Act (FERPA) http://registrar.uiowa.edu/ferpa/
- Health Insurance Portability & Accountability Act (HIPAA) http://itecurity.uiowa.edu/resources/hipaa.shtml
- Gramm Leach Bliley Act (GLBA) http://counsel.cua.edu//fedlaw/glb.cfm
- Payment Card Industry Data Security Standards (PCI-DSS) https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml
- UI Policy on Credit Cards http://www.uiowa.edu/~fustreas/Credit%20Card%20Handling%20Policies%20and%20Procedures.pdf
- Federal Information Security Management Act (FISMA) http://csrc.nist.gov/groups/SMA/fisma/overview.html
- Iowa Personal Information Security Breach Notification (Iowa Code, Title XVI, Chapter 715C)