IT Security Program

The Information Technology Security Program at the University of Arkansas – Pulaski Technical College is focused on ensuring that the campus community understands IT Security and their responsibility for individual and campus protections. There are several layers defined for providing a good security posture.

Controls
The first layer of protection starts with the controls or best practices used to prevent a compromise. Guidelines and policies are established for controls such as passwords, limiting access to systems and information based on job requirements, acceptable resource use, multiple factors of authentication, and even physical access controls like locks.

Detection
The second layer is detection, or how UA-PTC knows the controls are working. Intercepting e-mail spam, anti-virus scanning, firewall and system event log reviews, staff training, and many other detection mechanisms are in place to provide early warning. In many cases, automated protections are in place to respond when a security issue is detected.

Education
The final layer is the people. By educating everyone at UA-PTC about the first and second layers, the individual and campus IT Security risk will be small.

The three times when it is vital to offer security training is after someone joins UA-PTC, at regular intervals throughout the year, and after an incident occurs. New hire orientation and student registration are used initially, and reminder e-mails are sent throughout the year asking everyone to review the training materials. When an incident occurs, an IT Security Incident Report is filled out.

When an IT Security Incident Report should be submitted:

• Compromised user account
• Compromised endpoint (e.g., malware, keylogger, ransomware)
• Compromised server (e.g., malware, unauthorized use/access, unusual activity)
• Compromised infrastructure (e.g., router, switch, firewall, ICS device)
• Compromised UA-PTC websites (e.g., website defacement)
• Denial of service (DoS)

Should the situation extend to multiple people or systems, a Cybersecurity Alert is sent from RAVE notifying the campus community of the danger and precautions.