SIMPL - Secure Information Management Protection Layers
The SIMPL Program is designed to implement a logical and technical computing environment to assist KU in securing its sensitive and private data. This environment will help KU become compliant with state and federal regulations and best practices, and avoid regulatory fines, loss of data, loss of productivity, and loss of reputation.
Purpose and Scope
The University of Kansas faces many challenges in supporting its mission of Teaching, Research, and Service. Many state, federal, and commercial regulations now exist that require very strict policies and procedures to be in place to protect the confidentiality or integrity of data. Implementing the required changes on the current KU network would greatly inhibit the current culture and activities regarding Research and Teaching. To avoid these obstacles and to allow KU to continue to excel in the fields of research and scholastic excellence, drastic changes need to occur to the University's logical and physical computing environment. These changes must happen in order for KU to become compliant with current and future regulation and to mitigate the risk of fines or loss of service.
Objectives
The SIMPL program is designed to meet the following objectives:
  • Implement a computing environment, driven by best practices, that is compliant with PCI, HIPAA, FERPA, and GLBA requirements while allowing KU to foster and support its Mission of Teaching, Research and Service.
  • Documented Policies and Procedures that are compliant with the above-mentioned regulations and flexible enough to allow for implementation of compliance controls to meet future regulatory requirements.
  • An awareness program for all affected students, faculty and staff
  • An implemented assessment cycle reviewing the effectiveness of policies, training and technical controls
  • Third-party certification of compliance upon the project's completion
Five Realms of Security
In order to protect information, five areas (or realms) must be considered. Information Security is a holistic endeavor: security controls placed on information must be enforced at many levels. A lack of control in one area can, and often does, render protections in other areas moot. For instance, strict login protections for a laptop are rendered useless if the equipment isn't physically secured and is stolen.