Welcome to the Office of Information Security (InfoSec)
Security and risk management is an important component of the University’s strategic plan. The University plan identifies “Technological Advancement” as one of six strategic themes.
Among the goals identified under the Technological Advancement theme, several pertain to the development of the institutions risk management and security strategy:
- Establish security and risk management policies, plans and systems that guide the University community, minimize risks and protect the University’s assets from threats and loss;
- Implement Administrative systems and business processes that utilize appropriate technologies to securely, efficiently and effectively deliver the highest level of service to the University;
- Conduct ongoing technology planning process at all levels that foster continuous improvement by creating transparent processes, establish clear priorities, create measurable objectives, assess outcomes and inform the University community.
To that end the Office of Information Security will use the NIST series of publications as guidelines for providing a secure environment for the university to meet its mission of academic distinction in teaching, scholarship, and service.
The goals for the Information Security program:
- Develop, Approve, and Promote a Comprehensive Information Security Policies and Standards Suite.
- Develop an effective risk management program and a disaster recovery process that contains both the definitions and the practical guidance necessary for assessing and mitigating risks identified within IT systems.
- Design and implement an IT Security incident response program to ensure that the proper methods for handling IT Security incidents are followed and reported.
- Develop and implement an ongoing university-wide security awareness and training program, to ensure that faculty, staff and administrators understand their security responsibilities, USG and organizational policies, laws and regulations and how to properly use and protect the resources entrusted to them.
Mike Fox, Chief Information Security Officer