Action Item 7:3 Specific programmatic mechanisms are needed to ensure IT security and the protection of information privacy. Details will depend in part upon the development of policy, but some aspects of security mechanisms are required for any policy to be effectively implemented. These include: • Audit and controls: to verify that policy is being followed and to determine if mechanisms are working and correctly deployed. • Education and awareness: to ensure that parties are aware of their responsibilities and to help engage everyone involved in managing and using information and IT resources as part of the University’s security plan. • Risk assessment: to determine the need for protection, to identify specific mechanisms of protections, and to help prioritize choices of protection. The University must provide the resources necessary to ensure network security and meet the demands of federal and state regulations. Action Item 7:4 Specific physical mechanisms must be in place to secure servers and access to sensitive information. While network security is important to maintaining the integrity of data and systems, the physcial security of data needs to be addressed at the individual and college/department level as well. Data must be kept safe from breaches at all levels. Action Item 7:5 Establish an IT Security Advisory Team composed of a variety of college/department staff and faculty from across the University to assist in the review and formation of appropriate IT security practices. Security is a shared responsibility that requires diligence from all parties involved. Communication is a critical element in the extensive coordination required to maintain a successful security program. Establishing an IT Security Advisory Team will enable not only the implementation of security policies, but also gain additional objective input for security actions and plans. Security will become a leading-edge issue in establishing relationships between ITS and other entities at UK. IT Strategic Plan | 32