University of Illinois System

Information Assurance Consulting and Support

Service Description

Information Assurance Consulting and Support services are offered to help University departments safely access and handle enterprise data and meet the requirements of University security policies as well as other legal and regulatory requirements. AITS works together with Technology Services at UIUC and Technology Solutions at UIC to align with the security program of each university. In many cases, after performing an initial determination, AITS may refer customers to the appropriate university security office.

Benefits to the University include:

  • Promote a consistent approach to security and risk management
  • Assist System Office units with security needs
  • Protect AITS system confidentiality, integrity, and availability
  • Provide guidance to safeguard enterprise data
  • Respond appropriately to ongoing external audit activities

Services provided:

  • Security Consulting
    • Provide supporting analysis to help resolve information technology risks, threats, and vulnerabilities and to implement adequate risk mitigation measures
    • Provide consultation to help System Offices respond to audit and/or security assessment findings
  • Vulnerability Testing
    • Scan network systems to discover and manage vulnerabilities
  • Incident Response and Investigation
    • Tech Services at UIUC and Technology Solutions at UIC lead incident response. AITS coordinates with the security office to provide analysis and information.
    • Triage AITS security incidents ranging from desktop compromises to system-wide issues
    • Assist in preservation of data and technical analysis of incidents involving systems connected to the AITS network
  • Compliance and Audit Support
    • Provide guidance on implementing process controls on IT-related activities to meet University compliance requirements
    • Support University Audit and External Audit inquiries related to IT controls
    • Serve as IT liaison for external audit across the University System
  • Ongoing security review of System Offices' policies, standards, and procedures
    • Assist System Office units with compliance and understanding and interpreting regulations, University security policies, and standards
  • Coordinate the University’s required security liaison support role
    • Maintain University Security Contact (USC) information
    • Notify USCs of University of Illinois security matters
    • Provide authorized USCs with access to the security access request portals
  • Oversee Enterprise Application Access Control Processes
    • Coordinate the annual enterprise systems access review process
    • Monitor access control processes, including removing access in a timely manner
  • Review System Office projects and initiatives for adequate information security risk mitigation provisions
    • Review and/or manage System Office projects/initiatives related to enterprise security technology selection, licensing, and centralized management
    • Review System Office projects for appropriate risk mitigation measures, as part of the System Office project management process
  • Enterprise purchasing contracts for security-related components
    • Evaluate security-related components of System Office RFPs and responses, including assisting in the interpretation of System Organization Controls reports
    • Manage the third-party service provider risk management process
    • Research and evaluate security technologies
    • Assist with strategic planning for System Offices' security needs

Hours of Availability

  • Standard business hours are 8 a.m. to 5 p.m., Monday through Friday, except for University of Illinois holidays
  • On-call staffing is available for emergencies and after-hours scheduled work
  • Emergency maintenance windows will be handled using the urgent change process

Customer Responsibilities

  • Follow appropriate incident reporting procedures, including cybersecurity incident reporting as required by policies
  • Request and schedule special services (for example, requesting a security review) well in advance of the date required
  • Be available to provide critical information to assist in the resolution of cyber incidents
  • Adhere to University security policies, standards, and procedures, and request related assistance from AITS Assurance if needed
  • Ensure departmental staff receive security training
  • Continue to include AITS for awareness and/or analysis when contacting campus security

How Do We Charge?

Currently, AITS does not charge for routine assurance services.