Technology Security Review for the University of Idaho
November 4, 2013 - We are pleased to share with you the results of the Technology Security Review conducted earlier this year. Given the sensitive nature of the information provided in the report, we must release this information in a controlled manner.
Executive Summary (Public Access)
Full Report (Restricted Access)
|It is likely the Executive Summary will provide an adequate overview of the security review results and recommendations for most people. The Executive Summary does not contain sensitive security information and can therefore be released for public viewing. You can download and read the Executive Summary of the report without any additional access.
||Access to the full 79-page security report is provided to University of Idaho employees who have a need to review the detail. This access is restricted, but you can request access to the full report by emailing the ITS Help Desk and requesting access. If you have been granted access to view the full report by ITS, please download it through the link below:
|Read the Executive Summary
||Read the Full Security Report
The 113 recommendations presented in the report are being discussed with university leadership to determine priorities and the next steps to be taken. It is up to us as an institution to decide which of the recommendations will be implemented as activities will vary widely in cost, impact on operations and impact on culture. However, successful efforts will improve technology security, lower institutional risk and, in some areas, save money and personnel time.
While the recommendations are being prioritized, ITS has begun the hiring process for the position of Information Security Officer. It is envisioned that this position will lead the collaborative, university-wide process of improving technology security through the implementation of recommendations in the report. This position will serve the overall needs of the university and will report to the Chief Information Officer but it is also important to remind ourselves, as the consultants mention, that "these issues cannot be solved by ITS alone; they require the engagement and support of the entire UI community."
This site will be updated regularly as the next steps are defined and activities commence. Below, you will find an overview of the project.
Project Introduction and Overview
Both the importance and complexity of technology and information security continue to grow. The University of Idaho is committed to ensuring the security of the technology and data that play a significant role in the success of our institution. Information Technology Services (ITS) is working with a team from Indiana University to help us determine the general state of technology and information security at the University of Idaho. The Indiana University security assessment team has provided similar reviews at several other universities and come highly recommended for their skills, experience and knowledge of higher education. Team member bios, a Statement of Work and updated project information is available on this website.
The assessment, scheduled for mid-April, includes research, network testing, tours, and interviews, with ample time for discussions with people throughout our community – those directly involved in technology services as well as functional staff and end users. The review is broad in scope, looking well beyond technology supported by ITS. The deliverable will be a report to the UI Chief Information Officer providing recommendations for improving the security posture and preparedness at the University of Idaho.
The results of the assessment, to be published in the ITS Security Team website, will allow us to understand current technology security vulnerabilities and prioritize efforts to improve security across UI. It will provide input on critical investments and position the university to better address both the threats and the opportunities that technology provides.
If you are interested in providing input to the security review team please email Dave Lien at or call (208) 885-2128.