Security controls are created and implemented to keep UTHSC and our information more secure and to help UTHSC accomplish its mission and goals.
There are three (3) main types of security controls; technical, administrative, and physical. The primary goal for implementing a security control can be preventative, detective, corrective, compensatory, or act as a deterrent. Controls are also used to protect people as is the case with social engineering awareness training or policies.
The lack of security controls places the confidentiality, integrity, and availability of information at risk. These risks also extend to the safety of our people and our assets.
Physical security controls are the implementation of security measures used to deter or prevent unauthorized access, such as locks on doors, biometrics, or security guards.
Administrative security controls refer to policies, standards, practices, or procedures that define those practices in accordance with our security goals. Changes to administrative controls in 2021 include the log-in screen notification of our acceptable use policy along with a 10-minute inactivity lock screen for devices not currently, well, active.
Technical security controls use technology to reduce vulnerabilities in hardware and software. Examples of these types of controls are encryption, antivirus applications, firewalls, and other security applications that help detect intrusions or help prevent data from leaking.
Some of these controls are required by federal, state, or local law, compliance mandates, or just best practices. We do not implement a security control on campus without first conducting a risk assessment to weigh the likelihood of something happening with the impact that incident would harm UTHSC. Implementing controls reduces that risk to the campus.
For more information about security controls, please contact the Office of Cybersecurity at itsecurity@uthsc.edu.