Security Consulting and Compliance

General Security Consulting

The IT Security Office provides recommendations for implementing security controls on computing devices. The office consults on new or existing projects, issues, and equipment to provide best-practice recommendations for security architecture and the implementation of specific security controls.
If you have questions or need assistance with items not listed below, please call the IT Security Office (5-6332) or email it-security@uiowa.edu.
 

Credit Card Handling (PCI-DSS) Standards Compliance

Technical analysis and assistance to ensure compliance with security standards for handling credit cards on all campus systems.
 

FISMA Compliance

A general guide to resources, policy information and descriptions encompassing the overall (enterprise) information security environment at The University of Iowa.
Individual units are expected to develop plans scoped to the specific environment that requires completion of a System Security Plan (SSP), as required by the Federal Information Security Management Act (FISMA) of 2002.

HIPAA Compliance

Information resources for Faculty and Staff (both clinical and non-clinical) on how to safeguard the health information they work with.

Penetration Testing

Active evaluation of a resource's security using a combination of automated tools and manual methods to breach the security of the system.
 

Scanning for Sensitive Institutional Data

Second-level support for Identity Finder software, which scans computers to locate files that contain sensitive data such as SSNs, credit card numbers, and passwords.
 

Security Reviews and Assessments

The IT Security Office performs evaluations of computer systems and provides recommendations to improve security or reach compliance with regulations.
If you have questions or need assistance or a consultation, please call the IT Security Office (5-6332) or email it-security@uiowa.edu.
 

Frequently visited resources

Defense in Depth Security Strategy: http://itsecurity.uiowa.edu/resources/Defense-in-Depth
Information Technology Policy Repository: http://itsecurity.uiowa.edu/policy
University of Iowa Operations Manual: http://opsmanual.uiowa.edu/

Family Educational Rights and Privacy Act (FERPA): http://registrar.uiowa.edu/ferpa/
Health Insurance Portability & Accountability Act (HIPAA): http://itsecurity.uiowa.edu/hipaa
Gramm-Leach-Bliley Act (GLBA): http://counsel.cua.edu//fedlaw/glb.cfm
Payment Card Industry Data Security Standards (PCI-DSS): https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml
UI Policy on Credit Cards: http://treasury.fo.uiowa.edu/policies-and-procedures/credit-card-acceptance-security-guidelines
Federal Information Security Management Act (FISMA): http://csrc.nist.gov/groups/SMA/fisma/overview.html
Iowa Personal Information Security Breach Notification (Iowa Code, Title XVI, Chapter 715C)