Information security is about safeguarding critical information assets, ensuring the integrity of the data on which decisions are based and transactions, its availability to business operations and its confidentiality for institution and its customers. It is a process of putting policies, procedures and technical mechanisms in place to protect, detect and correct problems before they threaten the University's and Hospital’s IT service and operations.
Howard University Enterprise Technology Service Information Security has established information security policies that are supported by standards, procedures and guidelines. This guidance establishes the direction for the information security program and expectations as to how information is to be used, shared, transmitted and destroyed.
Information security coordinates risk management as recurrent activity that deals with the analysis, planning, implementation, control and monitoring of implemented measurements and the enforced security policy. However, risk assessment is executed at discrete time points (e.g. once a year, on demand, etc.) and - until the performance of the next assessment - provides a temporary view of assessed risks and while parameterizing the entire risk management process.
What is an IT security incident? It is "any attempted unsuccessful or successful unauthorized access, disclosure, or misuse of institutional data, network or computing system."
All suspected IT Security incidents, such as hacking, unauthorized access of institutional data and information systems, etc. should be reported to the ETS helpdesk (firstname.lastname@example.org / email@example.com)
Initial security awareness training has been mechanized in such a way that it is been coordinated through the HR at induction of every new employee.
Awareness Training is continuously conducted throughout the Howard University Enterprise to sensitize faculty, employees and students of policies in place, inherent risk and vulnerabilities within.