Skip to content Skip to main navigation Report an accessibility issue
Information Security

RISK – Why We Emphasize Information Security


Information security is about addressing and reducing IT RISK. It’s easy to overlook risk as a topic when all you hear is talk about passwords, firewalls, encryption, policies, or two-factor authentication. These are all forms of technology used to reduce the IT risk of disclosing information (i.e., university data, personal data) to unauthorized persons.

If this is too abstract, here’s a more personal example. We have locks on the doors of our homes and cars. Why? Because there’s a “risk” that someone will decide they need our personal belongings more than we do.

The threat: A thief

The vulnerability: An unlocked door

The level of risk (risk tolerance): The level of risk we are willing to accept depends on what we’re protecting, the existence of a threat, and the extent that we’re vulnerable.

The same holds true for protecting university information. We take great care to protect sensitive information (health records, credit card numbers, Social Security numbers).

The threat: A hacker

The vulnerability: An unlocked workstation

The level of risk: If your job requires you to access sensitive information or if you store personal documents on your devices, then the level of risk that you’re willing to accept should be lower.

We work and live in a time when information means money. Just like your personal possessions, university information requires protection due to constant effort by folks to take it. We become easy targets when we increase our vulnerability by not locking our workstations by sending or storing sensitive information in our email. That means we are accepting a higher level of IT risk. Are you able to accept IT risk on behalf of the university? Most of us are not, but we are positioned to be good stewards of the university’s information and resources and to protect them as if they are our own.

General information security practices are in place to help the university community reduce IT risk and protect the confidentiality, integrity, and availability of its information and resources. Good stewardship begins by taking these basic steps:

  • Lock your workstation before leaving your desk
  • Don’t click on links in unsolicited emails
  • Don’t share your UT NetID or password
  • Keep your software updated and patched
  • Protect the data

If you would like to talk to an OIT security expert to help identify potential data risks within your department, contact the OIT HelpDesk at 865-974-9900.

The flagship campus of the University of Tennessee System and partner in the Tennessee Transfer Pathway.