Enterprise Cybersecurity

The Enterprise Cybersecurity team establishes technology policies based on federal guidelines and industry best practices. These policies include University Administrative Regulations (adopted by the President), policies, standards, guidelines, procedures, and baselines (all adopted by the CIO) to implement and enhance the University’s cybersecurity approach and provide for the general technology administration and oversight of the University.  

Works to ensure that the University’s data and information systems are compliant with privacy laws, regulations, and best practices. The privacy team plays a crucial role in protecting individuals' privacy rights, maintaining regulatory compliance, and fostering a privacy-conscious culture within the University.

The team is available to consult on data encryption, appropriate sharing and storage, and can also meet with staff to identify laws, regulations, etc. related to the data they process, hold, and/or transmit and provide best practices and/or training for dealing with that data. Our team also provides consultation related to reporting data sharing violations. In addition, the team is available to partner with business officers to analyze current and potential partners/vendors/contracts to help ensure appropriate data security.

Reporting HIPAA and FERPA Violations

Disaster recovery and business continuity enable the recovery or continuation of critical technology infrastructure following a natural or human-induced disaster. This effort ensures that critical University systems are available or can be restored quickly, enabling the university to continue critical operations. Our team is also available to consult on how best to back-up and recover college/department/unit services, systems, and data.

Upon discovering a potential threat, issue, or incident contact Cybersecurity@uky.edu and/or 859-218-HELP (24/7).  Our team will evaluate and investigate from a privacy, policy, compliance, risk, and cybersecurity standpoint. In addition, we’ll partner with you to take next steps, report as needed, and engage University partners (Legal, Risk Management, Executive Leadership, UK Police Department, Human Resources, etc.) as needed.

The team serves as a central function that supports the University in achieving its objectives while managing risks and complying with relevant laws and regulations. By establishing effective governance structures, risk management processes, and compliance frameworks, it helps the University operate responsibly, ethically, and with resilience in an ever-changing business environment.  

The team is also available to partner with college/department/unit IT staff to conduct a cybersecurity risk assessments of current technology practices, hardware, and software within that area and provide recommendations on strategies/opportunities that could enhance the cybersecurity environment.  

In addition, the team partners with University Risk Management to ensure that Cybersecurity Insurance is provided to the University. 

Read more about Cybersecurity Compliance at UK

The Enterprise Cybersecurity Team is charged with cybersecurity training and awareness of all students, faculty, staff, and third-parties who utilize University systems and technology resources. The team works to provide awareness campaigns via social media, email, and various websites, in addition to hosting a 1-day annual conference. The team also provides multiple online training courses available in MyUK Learning. Individuals can also reach out to Cybersecurity@uky.edu to request a training needs assessment for their college/department/unit/organization. Afterwards, the requestor will receive cybersecurity training and activity recommendations and a potential customized presentation for your team.

The Enterprise Cybersecurity Team is responsible for the day-to-day management and monitoring of the University’s cybersecurity systems and infrastructure. Their primary focus is on maintaining the cybersecurity posture of the enterprise by monitoring and analyzing security events, detecting and responding to security incidents, conducting investigations, and implementing security controls. The team plays a crucial role in identifying and mitigating cybersecurity threats and vulnerabilities, ensuring the ongoing protection of critical assets, and maintaining the overall security of the organization's systems and networks. 

The team actively collaborates with colleges, departments, and business units to provide cutting-edge cybersecurity defenses, including endpoint detection and response, vulnerability management, and web application scanning. They offer guidance and expertise in an advisory capacity, assisting the campus community in implementing robust security measures. By leveraging their knowledge and resources, the team ensures the adoption of state-of-the-art security practices and fosters a secure environment across the organization.