About

About

Keeping information safe is a community effort. Together, we can make a big difference in protecting personal information online.

About the initiative

Learn more about why privacy matters at UBC.

Privacy and information security at UBC is largely dependent on faculty and staff taking an active role in keeping data secure. UBC provides security tools such as anti-virus software, firewalls, and spam filtering. However, these tools can only do so much. We need your help.

The Privacy Matters @ UBC initiative aims to increase the awareness of privacy and information security at UBC. Higher education institutions are often the target of data breaches, which not only affect the individuals whose personal information is compromised, but also the organization experiencing the breach.

Through comprehensive communication strategy and online training, our goal is to provide the campus community with the information needed to protect personal information and to keep UBC's data secure.

Privacy and Information Security Management (PrISM)

Privacy and Information Security Management (PrISM) at UBC is a coordinated effort between Safety & Risk Services, the Office of the University Counsel, and the Office of the CIO.

The mandate of PrISM is to ensure the protection of privacy and security of UBC Electronic Information and Systems through:

  • Security governance
  • Technology
  • Training, awareness and communications
  • Risk management and compliance support
  • System identification and classification

Executive Leadership Committee

Hubert Lai

University Counsel, Office of the President

Dr. Andrew Szeri (Chair)

Provost and Vice President, Academic

Peter Smailes

Vice-President, Finance & Operations

Program Leadership Committee

Paul Hancock

Legal Counsel, Information and Privacy, Office of the University Counsel

Jennifer Burns

Chief Information Officer and Associate Vice President, Information Technology

Rae Ann Aldridge

Executive Director, Safety & Risk Services

Don Thompson (Co-chair)

Chief Information Security Officer

Zoë Armer

Program Manager, Cybersecurity

Michael Lonsdale-Eccles (Co-chair)

Director, PrISM, Safety & Risk Services

Jennifer Kain

Chief Audit and Risk Officer (non-voting)

Current Projects

Learn more about the current initiatives that are a part of PrISM.

Projects

Information Security Standards Review

To ensure that UBC’s confidential data and information systems are safe from a data breach, the university has Information Security Standards that govern the use and protection of university data and computing resources. As required by Policy SC14, Acceptable Use and Security of UBC Electronic Information and Systems, all faculty and staff are responsible and accountable for following these standards.

These Information Security Standards are subject to periodic reviews to adapt to changing expectations and risks. The next review cycle begins this year. All staff and faculty are invited to provide feedback on the standards. You can provide feedback at privacymatters.ubc.ca/issreview or by emailing privacy.matters@ubc.ca.

All feedback will be forwarded to the members of a review team made up of staff and faculty members for analysis. The team will then publish draft amendments to the standards for comment by the campus community. The team will then make final amendments and forward them to the Chief Information Officer for approval.

The current information security standards can be found at https://cio.ubc.ca/information-security-standards

All are encouraged to participate in this important process and your input is greatly appreciated.

Enhanced Systems Access Management (eSAM)

The eSAM project is designed to protect UBC’s privileged accounts through deployment of a robust Privileged Access Management (PAM) solution.  Privileged accounts—found across the IT environment at UBC—are accounts that provide a significantly greater level of access to a system or application than regular accounts, and therefore attract the attention of hackers.  With access to valuable privileged accounts, hackers would potentially have access to sensitive data, and be able to distribute malware, bypass security controls and tamper with audit trails to hide their activities.

A Privileged Access Management (PAM) solution offers a secure, streamlined way to authorize and monitor all privileged users for all relevant systems. UBC’s PAM solution, internally branded Enhanced Systems Access Management (eSAM), consists of a toolset and supporting business processes that UBC is currently implementing to ensure secure access to privileged accounts. 

For more information about the project, or to connect with our team about integrating your department’s privileged accounts into the tool, please visit the Cybersecurity Confidential Communications website. (VPN connection/CWL login required)