What does cybersecurity compliance mean?
The University has launched an enhanced and rejuvenated cybersecurity compliance program aimed at ensuring our cybersecurity measures are aligned with the required standards, laws, and regulations. This proactive approach to cybersecurity compliance is crucial in safeguarding the University’s Protected Data (AR10:7). Failure to meet these standards can lead to severe consequences, including breaches, reputational damage, heightened risks, legal complications and financial penalties.
Cybersecurity compliance helps identify and address potential security vulnerabilities and risks. By following established standards and regulations, organizations can reduce the likelihood of security breaches, data leaks and cyberattacks.
What regulations and laws is UK subject to?
The University is subject to several specific cybersecurity regulations and laws, including, but not limited to, the Family Educational Rights and Privacy Act (FERPA), the Gramm-Leach-Bliley Act (GLBA), Kentucky’s Data Security Law, and the Payment Card Industry Data Security Standard (PCI DSS). Adhering to these regulations, laws, and standards not only prevents legal consequences but also builds trust with our students, employees and community partners.
Why is cybersecurity compliance important?
Demonstrating cybersecurity compliance with standards can enhance the University's reputation. It shows that we take data protection seriously and are committed to safeguarding the information that has been entrusted to us by our students, employees and community partners.
While implementing and maintaining cybersecurity compliance measures might involve initial costs, they can save the University money in the long run. The cost of dealing with a cybersecurity breach—such as legal fees, data recovery and reputation repair—can be significantly higher than investing in preventive measures.
How does UK make sure vendors are also compliant?
Any institution can put itself at risk when working with vendors. The University needs to hold our vendors to the same high standards of data protection that we adhere to. Working with Purchasing and Legal Counsel, we have recently launched a pilot program that seeks to identify when the University would be sharing Protected Data with a vendor. Once such a case is identified, we initiate a risk analysis of that vendor.
How can colleges, units or departments work towards cybersecurity compliance?
The Governance, Risk and Compliance team seeks to improve the posture of our partners in the University community. Any college, unit or department that wishes to work with the cybersecurity team to perform a review of their IT can contact GRC@uky.edu to schedule a meeting to discuss the implementation.