University of Alaska
Statewide Programs, Services, and Outreach
FY12 Increment Requests
Information Technology Security Review and Remediation, New funding, BOR 3-BOR 6
(GF: $250.0, NGF: $0.0, Total: $250.0)
Funding is needed for ongoing information technology external security reviews and will provide
resources for related remediation. This activity is a necessary business practice for UA and is a way to
proactively and regularly address or mitigate security risk, manage compliance issues, and safeguard
critical or personally identifiable data, etc. Every three years, there is a full external system security
review with resulting remediation items/activities. Smaller more focused reviews also occur during the
intervening two years. Due to the substantial and negative impact caused by security breaches, it has
become a necessity to regularly review and remediate weaknesses in the security infrastructure. This
increment will allow for the refresh and upgrade of security equipment that is nearing the end of its useful
life and supports security maintenance needs generated from security review exercises. Post review, there
are typically several critical security items for monitoring and firewalls that must be refreshed and
maintained. Current security log storage needs to be expanded. Additional tools for security analysis to
benefit all UA campuses are also needed.
Internal Auditor Position, New funding, BOR 4
(GF: $87.0, NGF: $0.0, Total: $87.0)
Expanding compliance demands for federal grants and information technology require the need for
additional oversight and monitoring. An additional auditor position is requested as a necessary
component of an effective internal control system. These compliance areas have grown substantially with
the recent implementation of regulatory requirements including, but not limited to, the Payment Card
Industry Data Security Standards (PCI DSS) and the Federal Trade Commission's Red Flags Rule. There
has been an increase in attention by federal granting agencies, which has led to a heightened interest of
assurance that compliance with the American Recovery and Reinvestment Act (ARRA) and OMB
Circulars A-21 'Cost Principles for Educational Institutions' and A-110 'Uniform Administrative
Requirements for Grants and Agreements With Institutions of Higher Education, Hospitals and Other
Non-Profit Organizations' exists. Management recognizes that data security, with its inherent link to
compliance with numerous regulatory requirements such as FERPA, HIPAA, GLBA, PCI DSS, and the
Red Flags Rule, increases the need to review data processes more frequently. While the demands for
Internal Audit have grown substantially over the past decade, the staffing level for the department has
remained constant.
Systemwide Career Pathway Development, Outreach, and Planning
(GF: $150.0, NGF: $20.0, Total: $170.0)
Funding will be used to conduct cross-MAU career pathways planning with external partner forums,
expand career pathways program level and cluster-level publications to all MAUs and extended
campuses, create consistent career pathway websites linking all MAUs, and emphasize pathways from
high school to post-secondary to professional development.
Systemwide Institutionalize Program Support for Tech Prep
(GF: $300.0, NGF: $40.0, Total: $340.0)
This funding will support a three-year plan to replace soft funding (Carl Perkins) for Tech Prep across the
system. The UA system will retain regular staff to oversee UA Tech Prep protocols and processes,
institutionalize Tech Prep outreach and training services across the system, retain regional coordinators to
expand services to rural sites, and fund program activities, such as travel, professional development, and
continuation of a statewide tech prep consortium with secondary, postsecondary, and industry
representatives.