Information Security Officer (ISO)
The Information Security Officer is responsible for establishing and maintaining an information security program that contains administrative, technical and physical safeguards designed to protect campus assets.
Information Security Steering Committee (ISSC)
The Information Security Steering Committee reviews and approves information security procedures, plans and guidelines that affect campus organizations. Members of the ISSC include the campus Chief Information Officer, Information Security Officer and at least two members of campus management.
- The Information Security Program is developed by the Information Security Officer in consultation with appropriate faculty and staff.
- Security procedures, plans or guidelines shall be submitted to an Information Security Steering Committee for review and approval.
- Depending on the policy or procedure scope or nature, the ISSC shall recommend policies and procedures to the Information Management Steering Committee (IMSC) in order to determine if approval of the President is required.
- Criteria used to determine if an element of the program requires escalation include but are not limited to
- Human Resource or Bargaining Unit review requirements
- Substantial impact to campus business processes
- Acceptance of risk for information security controls or procedures
- The ISO is responsible for ensuring annual review of the information security policies, procedures and practices.
- The ISSC shall review the Information Security Program annually and provide a report to the IMSC which includes recommendations for program modifications as appropriate.
- The ISO shall publish information about this information security program to the campus.
- The ISSC shall identify policies and procedures which require directed communications to campus organizations in order to ensure adequate awareness of policies and procedures.
More questions? Contact the ISO at 760.750.4787