Office of Information Security (OIS) Services

Policy and Compliance

OIS helps the University maintain compliance with federal law, state law, UNC standards, and contractual obligations related to the secure management of information assets by:

  • Overseeing the establishment of policies, standards, and guidelines that define University responsiblities and practices for secure information management.
  • Providing technical compliance consulting and services for ISO 27002, PCI-DSS, DMCA, FERPA, and HIPAA.
  • Providing consultative review for IT security compliance issues.

Security Awareness

OIS helps University faculty, staff, and students remain aware of security threats, relevant guidelines, and best practices to manage information security risks, by providing:

  • Online training
  • Role Based Training based on University job responsibilities and needs.
  • Compliance Based Training to meet information security compliance needs including PCI-DSS.

Risk Assessment

OIS evaluates and tests software, data procedures, and physical environments for potential security issues and helps identify potential measures that can help lower risks. Risk assessment and security testing services include:

  • Department Risk Assessment - We help departments identify procedural and technical risks that can lead to information security or business continuity issues.
  • Vulnerability Scanning - We scan networked devices and servers to identify common security issues, then we identify needed fixes.
  • Software Testing - We review software applications and agreements to determine potential security risks.
  • Web Application Testing - We test web applications for common flaws and security weaknesses that might result in a security compromise.

Data Forensics

OIS can help preserve electronic information in a forensically sound manner as well provide analysis of data artifacts. Types of services provided include:

  • Data Recovery - We have a number of tools that can assist with recovering erased or potentially corrupted files and data.
  • Electronic Preservation - We provide services when electronic data must be preserved in a manner that is well-document and ensures data integrity and validation.
  • Forensic Analysis - We offer services to examine and review data artifacts to help answer questions related to to the disposition of University data.

Incident Response

OIS provides value to the University by detecting, coordinating, and managing the handling of cyber-security incidents.
Types of services provided include:

  • Attack Detection - We provide services to detect cyber-attacks against the University to identity potential security issues and address them responsively.
  • Incident Coordination - We oversee the coordination of cyber security incidents including their analysis and remediation. We also perform after-action review to capture information regarding attacks and evaluate defensive measures.