Welcome to the Information Security resource center for ANR!
ANR IT's cybersecurity program is driven by the UC-wide BFB-IS-3 Electronic Information Security policy.
Unit Information Security Leads
In order for staff to do their job efficiently and effectively, they must be able to rely on their devices and information being secure. The Unit Information Security Lead for each unit is in the best position to support this because they fully understand the needs of the unit. UISLs collaborate closely with Unit Heads and the Chief Information Security Officer (CISO).
Units without a dedicated UISL should contact ANR IT for cybersecurity guidance when needed.
At ANR, these are the responsibilities of the UISL:
- Vendor risk assessments: The UISL serves as a first pass for software requests. If the software doesn't store information, or if the information is public, then the UISL provides guidance. Otherwise, the UISL can help you request a VRA.
- Inventory: The UISL keeps track of hardware assets, software used by the unit, and locations of sensitive information.
- Risk acceptance: The UISL provides context and guidance when you fill out a Risk Acceptance Form.
- Physical information security: The UISL designs and executes proper procedures for handling, storing, and disposing of assets like laptops.
- Reviewing access rights: This might look like checking Box folder permissions, or checking who has access to a shared email inbox.
- Patching: The UISL makes sure your servers are up to date.
Phishing
If you get a phishing email, please forward it to ANR IT so we can verify it's phishing and take action if needed. Read more on the Phishing page.
Report an incident
To report an incident, please contact ANR IT directly.