ISO Initiatives

The Information Security Office (ISO) is responsible for managing a university information security program that includes:

• information security risk management
• information security policy and standards development
• information security monitoring and testing
• information security incident response management
• campus information security management support
• security education and training

ISO goals for each area of responsibility are described below.

Information Security Risk Management

The ISO will maintain a campus-wide information security risk management program to evaluate threats and vulnerabilities and assure creation of appropriate remediation plans. This will support for assessing security risk, creating and monitoring security plans, and aiding disaster recovery planning.

Information Security Policy and Standards

The ISO will provide direction for university security policies and practices to protect critical resources and services and aid campus units with department security goals and compliance requirements. The ISO will create security policies and standards for approval by university leadership, and evaluate existing and emerging security-related laws, regulations, and policies for compliance goals.

Information Security Monitoring and Testing

The ISO will conduct institutional security testing and monitoring in support of policy enforcement and operational assurance. The ISO will monitor computer and network resources for suspicious activity and test information resources for security vulnerabilities. This will include performing network intrusion detection, conducting security scanning of university computers, testing IT Web-enabled services, and conducting intelligence analysis to identify security threats. The ISO will assure all departmental security monitoring and testing activities are compliant.

Information Security Incident Management

The ISO will manage incident response, investigation, and reporting. This will include performing network intrusion detection and conducting forensic criminal and administrative investigations, receiving and processing security incident complaints, and overseeing recovery, and restoration for security-related events. The ISO will take permitted or required actions to protect university IT resources in consultation with appropriate executive management.

Information Security Management Support

The ISO will assist technology managers with security administration, implementation, and management. This will include testing and evaluating security technologies, advising on security related technology projects, and aiding management of security technology, with special emphasis on mission critical IT resources.