Information Security Unit Organization
Op12.07-1 Information Security Unit Organization
Policy statement
The Information Security unit is a fundamental component of an enterprise information assurance program. The University shall have a position dedicated to information security (Information Security Officer) to direct the Information Security unit.
The Information Security unit, in conjunction with the Chief Information Officer, shall have authority and responsibility for the following:
- Establishing, maintaining, and enforcing electronic and physical information security and access standards for all entities under the direction of the University.
- Enforcing policies established collaboratively by the Chief Information Officer and Administrative Council.
- Managing information security incidents, including establishing and communicating incident response procedures for all members of the campus community.
- Adopting and implementing industry best practices and standards for secure transportation and transmission of electronic data.
- Informing all University information systems users of their individual responsibilities, and establishing standards to protect sensitive data and privacy.
- Providing support to other departments in meeting federal and state statutes covering identity protection and financial transactions, e.g., "Red Flags" identity protection and Payment Card Industry – Data Security Standards (PCI-DSS).
- Working in conjunction with Health Care Component Security Officers and other University entities to protect the security of electronically held information.
- Periodically testing University-controlled information systems for vulnerabilities.