About ISO

A couple of people walking through a bright, modern hallway with large windows and wooden paneling.

Our Mission

The Information Security Office mission is to safeguard the integrity, confidentiality, and availability of Wharton’s information assets to enable and advance the objectives of the school. We implement a robust framework of policies, practices, and proactive measures to protect Wharton’s academic, administrative, and research functions from cyber threats and breaches.

Our Strategy

Diagram representing school cybersecurity priorities, highlighting protection of people, data, and systems. Lists goals: enabling school missions, minimizing risk, and ensuring secure education.

Report a Security Incident

If you suspect a security incident such as a phishing attempt, data breach, or compromised account, contact us immediately.

Report an Incident

Submit a Risk Review

Please complete the Security and Privacy Scoping Form. Once submitted, your request will be reviewed by ISO for evaluation.

Complete Form

Our Services

Wharton’s Information Security Office is responsible for:

  • Risk Management: Identifying, assessing, and mitigating security risks.
  • Incident Response: Detecting and responding to security breaches quickly and effectively.
  • Training and Awareness: Educating the Wharton community on best practices for cybersecurity.
  • Compliance: Ensuring adherence to university policies and external regulatory requirements.
  • and much more!

ISO priorities are organized around the NIST cybersecurity framework.

A circular diagram representing the NIST Cybersecurity Framework, with segments labeled: Identify, Protect, Detect, Respond, and Recover, centered around "Govern".

Risk Review Process

See below for an overview of ISO’s risk review process. For a deeper dive, check out our Risk Review Standard.

Review Wharton's Risk Review Standard
Flowchart illustrating a five-step risk assessment process: ideation, request risk review, request under review, develop assessment report, and issue risk disposition.

Who do we work with?

ISO collaborates closely with Wharton Computing as well as the central information security team (OIS) at Penn to align Wharton’s efforts with university-wide strategies and best practices. We are committed to fostering a culture of security awareness and compliance among our students, faculty, and staff. By empowering our community with the knowledge and tools necessary to protect their data and our collective digital infrastructure, we ensure that our school remains a safe, resilient, and thriving environment for education and innovation. ISO also works with:

  • Faculty, Staff, Students
  • Departments, Centers, Initiatives
  • Office of General Counsel (OGC)
  • Office of Audit, Compliance, and Privacy (OACP)
  • Penn Procurement
  • Etc.

ISO also partners with industry groups like REN-ISAC, Educause, CISA, and Ivy & Ivy Plus universities to share threat intelligence, adopt best practices, and enhance cybersecurity. These collaborations help the ISO stay ahead of emerging threats and strengthen security across the academic community.