Pace University’s Information Technology Services (ITS) office, in collaboration with a cross-institutional Information Security Advisory Committee (ISAC), has developed a comprehensive set of policies that provide an overview of Pace University’s cybersecurity requirements, and also describe the controls planned for meeting those requirements. These policies include access control, data backup, passwords, privacy, security path management, and virus protection to name a few. These policies are available for the university community to access on a password protected university portal.

View the list of policies at the Pace University ITS website.

Pace University IT Security web page

The Information Security Office works with a major audit firm that helps to regularly assess information security. These assessments and their recommendations are reviewed by management and action plans are created, tracked, and remediated. The Audit Committee and executive management at Pace University receives updates on the continued progress of these plans. In addition, Pace has a vulnerability and patch management remediation program. Automated processes are used to consistently identify configuration and software/operating system vulnerabilities and the Information Security Office works with business units to create and track remediation plans. Pace has also implemented a SIEM solution that collects and analyzes high value logs and network flows to alert on suspicious behavior. Moreover, Pace has both external and internal penetration tests conducted on an annual basis to identify and remediate potential weaknesses.