Published January 31, 2018
University at Buffalo has made significant investments to build a robust and secure infrastructure that supports the academic, research and community service activities at the university. UB's information security plan includes steps to build awareness, provide resources and guidelines, encourage good cybersecurity habits and the proper handling information security incidents. UB complies with all laws and regulations regarding regulated data including the New York State Information Security Breach and Notification Act.
UB’s information security system is highly integrated with all university applications and network access capabilities. Firewalls, virtual private networks, encryption, automated access to resources and layers of authentication are employed commensurate with application requirements. UB uses two-factor authentication for administrative systems that hold sensitive privately identifiable information. UB employs network and system intrusion detection software and the central email system provides automated spam/phishing identification and removal.
Since 2005, UB has been classifying and tracking information security incidents and is a member of REN-ISAC. UB’s Information Security Office (ISO) has developed a Forensics for Compliance program, in accordance with federal and state regulations, for performing computer forensics on potentially compromised hosts that potentially contain regulated private data.
The university provides an extensive portfolio of resources and guidelines to assist individuals with computer safety - this includes providing free anti-virus and personal firewall software to protect their personal computers from Internet-based threats, virtual private network software to securely connect to UB services from off campus and software to find, remove or secure personally identifiable information from their computers