Cybersecurity Vision 2020

Goal 1: Information Security Operation

Establish an information security operation that embodies national excellence and protects university data resources.

Rationale

Universities are high-risk targets for cyberattacks. Protecting the campus community requires a new approach in securing business processes. By utilizing a proactive, holistic security structure, the information security team can enable collaboration, protect data and support new initiatives.

Objectives

  • Establish and implement a high-performing security operations center (SOC)
  • Define security architecture and requirements
  • Develop policies and processes based on applicable laws, regulations and best practices
  • Provide training and communications to increase campus awareness of information security
  • Develop, implement and exercise incident response and security disaster recovery plans

Goal 2: Vulnerability and Risk Management

Proactively address current and future risks by implementing a university cybersecurity vulnerability and risk management system.

Rationale

Vulnerability and risk management are critical elements of every comprehensive information security program. The security team will develop a risk management plan to prioritize threats, mitigate risks and maximize resources.

Objectives

  • Conduct annual cybersecurity risk assessments and inform campus leaders of results
  • Conduct security analytics interpreting and processing threat and vulnerability information to improve our readiness posture
  • Identify cybersecurity risks and mitigate these risks to acceptable levels

Goal 3: Secure Research Data

Implement sustainable processes to secure university research data.

Rationale

The security team will provide guidelines to enable the university to compete as a nationally-recognized research institution, as well as expand secure research opportunities. The guidelines will provide university researchers with information on how to protect IP, export-controlled and ITAR data. By expanding secure research opportunities, the university will seek new funding while increasing its reputation nationally.

Objectives

  • Provide guidelines for researchers on protecting data regulated by intellectual property, export-control and ITAR laws
  • Create a sustainable process for conducting classified research

Goal 4: Cybersecurity Leadership

As the state flagship, the University of Arkansas will lead cybersecurity efforts within the state of Arkansas.

Rationale

The University of Arkansas will provide a secure environment for security education, training and collaboration that can be utilized by the community as well as the UA System. Harnessing the university’s leadership, resources and experience, we can become a cybersecurity learning hub, supporting local businesses, schools, government and teaching groups to protect themselves from cyberattacks.

Objectives

  • Partner with state education systems on cybersecurity
  • Partner with local organizations in sharing our security expertise and intelligence to assist in cybersecurity protection and awareness
  • Join and participate with national cybersecurity education groups (Cyberwatch, CSSIA)

Goal 5: Digital Transformation

Lead cybersecurity digital transformation at the University of Arkansas.

Rationale

Digital transformation encourages change, agility, speed, connectivity and the introduction of new processes and technologies. This new security vision positions the university as an enabler of innovations that opens the doors to new possibilities in data analytics and analysis, virtual reality, the internet of things and effective collaboration.

Objectives

  • Advance new practices and processes to support the growth of digital services
  • Align with transformational projects, such as the implementation of a new enterprise resource planning system and unified communications
  • Transition "Security" to "Security as a Service"
  • Evolve our cybersecurity posture as a fully integrated part of our systems and projects
  • Engage with strategic partners in industry