SAS IT takes security seriously. Founded upon the intelligent application of best practices like the principles of least privilege and multi-layer defense, our strategy beings with standard tools such as endpoint protection software (e.g., antivirus) and firewalls that appropriately restrict sensitive traffic. We then layer on additional security measures such as policies and settings that moderate and log sensitive transactions, identify and block particular threats, and alert us about risks to infrastructure stability. We supplement these measures with periodic and targeted vulnerability scans of key systems, regular software patching, ongoing and post-mortem analyses, and secure coding practices. SAS IT also works closely with the university's Information Protection and Security group to help ensure that our workstations, servers, appliances, and other systems are all appropriately secured.