Cybersecurity, Data Privacy, & Policy

IT Enterprise Security is a shared responsibility by the University’s faculty, staff and students.  All members of the University are responsible for the protection and integrity of the University’s data and network.  All members of the University’s community are tasked with understanding and adhering to the University’s policies, and complying with best practices as established by the University’s Enterprise Security Office.

The Enterprise Security Office maintains a list of policies and practices designed to protect the confidentiality and integrity of the University’s data while maintaining the availability of that data.


The Information Technology Services Enterprise Security team is responsible for overseeing the University of Kentucky’s network security; establishing required minimum security standards for handling the University’s data and information; overseeing technology policy; managing information security training and awareness; handling information security incidents.

UK Information Security Policy

Data Privacy & Policy

In collaboration with other units, ITS develops enterprise level IT policies that support the efforts of the University's students, faculty, staff, and strategic plan while upholding the mission of the University of Kentucky. ITS will also provide IT policy consultation to any unit, as requested. ITS has launched a new IT Security & Policy Advisory Committee to review and form appropriate IT Security practices.  More details here.

Disaster Recovery & Risk Management

Disaster Recovery is something that should be considered by everyone who administers any shared systems at the University of Kentucky.  It is essential to have plans in place to ensure our business viability is not at risk from a critical incident.  A DR plan is designed to mitigate the risk of system and service unavailability by providing written and cost-effective contingency solutions.  Defining the criticality and timeliness of recovering our services is imperative to building an effective long-range Business Continuity strategy.

Our end goal is to be prepared for any incident that may prevent continuous use/operation of our data resources.  Backups are very important, but not the entire solution.  We should be able to execute prompt and effective continuation of services in the event of a disaster today, by evaluating our recoverability options, preparation and execution of a test plan.