Brown's Commitment to Information Security

Brown University and its Commitment to Information Security

Brown University has established a comprehensive information security strategy to protect against unauthorized access that could risk the safety and soundness of the University or the information it handles.

Information security functions at Brown are managed by its Cybersecurity program, which is a well-staffed, well-organized, and well-managed operation designed in part to comply with regulatory mandates and guidelines. The program's responsibilities include: assessing policies and guidelines, assessing/controlling/mitigating risk, threat evaluation, monitoring, coordinating emergency response, and communicating information to Brown University's executive leadership.

Brown incorporates fundamental information security functions to comply with the evolving array of regulatory mandates, which include: Gramm-Leach-Bliley Act, Health Information Portability and Protection Act, MA Breach Notification Law, Payment Card Industry Standard, and FACTA Red Flag.

To ensure compliance with all relevant laws and regulations, the validation of all security functions is being integrated into University procedure and will be routinely evaluated by Computing and Information Services, the Information Security Group, Internal Audit, Governance and Risk Management, and the University's external auditors.

Brown concerns itself with all facets of the information security discipline, targeting the effective risk management of the technologies it uses. The Information Security Group (ISG) has been developed and tasked with ensuring the safety, confidentiality, integrity, and availability of Brown's information. As part of the central Computing and Information Services organization, ISG addresses such fundamental practices as: accounts provisioning, accounts administration, access control, identity management, security governance, standards and authoring, security architecture, department security, IT security management, standards compliance, threat and vulnerability analysis, security events monitoring, and cyber incident response.

Brown utilizes modern technology solutions to meet these information security goals. Some examples of technologies in use include: anti-virus management software, host intrusion detection, network intrusion detection, firewalls, and vulnerability scanning tools. In addition, the integrity of all such programs is reviewed for their ability to be integrated into University procedures, and they are routinely evaluated by Brown's audit partners.

Brown University is committed to providing vigilant, strategic, proactive information security, employing the administrative, technical, and physical safeguards appropriate for a research institution of its size, complexity, and the nature of its activities.