BU Information Security is responsible for guiding the University’s effort to protect Sensitive Information and educating the community about cyber security risks.  University operations depend on the effective use of data, powered by reliable and pervasive technology, from laptops and desktops to tablets, smartphones, projectors, printers and the network infrastructure they run on. The increasingly diverse array of connected devices that generate, share, and store our information presents a large and growing challenge for the University to secure.

Guidance for securely handling sensitive information, both in printed and electronic form, can be found on the information security web page, including tips and tricks for securing your systems, security related news and alerts and links to security policies, standards, and guidelines.

Information Security is made up of three main functions:

Architecture, Engineering & Compliance

Director: Tom Grundig

Provides security consulting, including the review of project proposals and plans, to provide guidance on security requirements to ensure the University maintains compliance with regulations protecting sensitive information and with industry best practice; conducts risk assessments; develops new tools and technologies for securing the infrastructure and maintains the existing security infrastructure.

Identity & Access Management Team (IAM)

Director: Tammy Pruneau

Responsible for proper controls to protect University resources by enabling a single digital identity to be used across IS&T systems. The IAM Team provides the reliable ability to authenticate and access network resources, and support federation of identities with other institutions. The goal of IAM services is to simplify and streamline the user experience. In addition the IAM Team is responsible for digital certificate management; application and account security for many central services such as BUworks, Student Systems, OnBase and many others; account and systems security audit functions.

Security Operations Center (SOC)

Director: Tom Grundig

Responsible for detecting and responding to security incidents and cyber-attacks against the University.  Manages University firewalls; the vulnerability management program; provides cybercrime incident response (IRT) investigative functions, including computer, mobile device and network forensics.