Welcome!
Wharton’s Information Security Office is dedicated to safeguarding our community’s digital information and promoting a secure and responsible online environment.
ISO protects Wharton’s assets, systems, data, brand, and reputation with risk identification, reduction, governance, compliance, identity, and access control. Our team enables Wharton’s success and support the School’s mission by identifying and reducing risk.
Our team focuses on promoting a culture of information security, privacy, innovation, and digital transformation throughout the School through cross-departmental collaboration, ensuring resiliency through effective risk management and trustworthy teaching, learning, and research.
Get in Touch
Have questions about information security? Please reach out for consultation on securing data, risk assessments, or guidance on school or university security policies.
- Email: security@wharton.upenn.edu
Our Strategy
Report a Security Incident
If you suspect a security incident such as a phishing attempt, data breach, or compromised account, contact us immediately.
Submit a Risk Review
Please complete the Security and Privacy Scoping Form. Once submitted, your request will be reviewed by ISO for evaluation.
Make an Exception Request
Need an exception to a security policy or standard? Submit a request here for review by ISO.
Our Services
Wharton’s Information Security Office is responsible for:
- Risk Management: Identifying, assessing, and mitigating security risks.
- Incident Response: Detecting and responding to security breaches quickly and effectively.
- Training and Awareness: Educating the Wharton community on best practices for cybersecurity.
- Compliance: Ensuring adherence to university policies and external regulatory requirements.
- and much more!
ISO priorities are organized around the NIST cybersecurity framework.
Who do we work with?
ISO collaborates closely with Wharton Computing as well as Penn’s Office of Information Security (OIS) to align Wharton’s efforts with university-wide strategies and best practices. ISO also works with:
- Faculty, Staff, Students
- Departments, Centers, Initiatives
- Office of General Counsel (OGC)
- Penn Procurement
- Office of Audit, Compliance, and Privacy (OACP)
- Etc.
ISO also partners with industry groups and Ivy & Ivy Plus universities to share threat intelligence, adopt best practices, and enhance cybersecurity across the academic community.
External Resources
Wharton Computing Knowledge Base
The knowledge base is your go-to resource for comprehensive guides, how-tos, and service recommendations for all things technology at Wharton whether that’s setting up accounts, accessing software, troubleshooting issues, or learning about available services.
National Institute of Standards and Technology (NIST) Cybersecurity Framework
The NIST Cybersecurity Framework provides a comprehensive, risk-based approach to managing and reducing cybersecurity risks. It’s a widely adopted resource that organizations of all sizes use to build robust security programs, align their processes with industry standards, and improve their overall security posture.
Learn more about the NIST Cybersecurity Framework
Also check out their cybersecurity glossary!
Cybersecurity & Infrastructure Security Agency (CISA)
CISA is the U.S. government’s lead agency for cybersecurity. CISA offers up-to-date alerts, best practices, and a wide range of tools to help organizations and individuals protect their digital environments from threats. Stay informed about the latest in cyber defense strategies.
Educause
Educause offers resources for higher education institutions and IT professionals to strengthen their cybersecurity posture. From security awareness training and compliance frameworks to risk management and data protection strategies, Educause empowers IT professionals to develop strong security cultures.
SANS Institute
The SANS Institute is a trusted leader in cybersecurity training. Their Security Awareness programs offer actionable insights to help individuals and organizations defend against the latest cyber threats. Discover training tools and best practices that promote a security-first mindset in your daily activities.