Purpose
To provide ÈÕº«Èý¼¶ with guidance in identifying and gaining an understanding of the components of the institution that make up its information security system and thereby enable ÈÕº«Èý¼¶ to manage cybersecurity risk to systems, assets, data, and capabilities.
Policy
ÈÕº«Èý¼¶ develops, maintains, and disseminates an information security program that includes information security policies and procedures. These policies, procedures, and processes are used to manage, monitor, and support ÈÕº«Èý¼¶â€™s regulatory, legal, risk, environmental, and operational requirements. These requirements are understood and utilized to inform senior leadership of cybersecurity risk.
Summary
- ÈÕº«Èý¼¶ develops and maintains information security policies that have been approved by senior leadership to provide guidance.
- These policies address the security controls that protect the information systems, information and assets.
- ÈÕº«Èý¼¶ will assign security roles, coordinating with internal roles and external partners as necessary
- The Security Officer is responsible for bringing risk management recommendations to executive staff.
- The executive staff approves security policies, risk tolerance, risk mitigation and management.
- Among the regulations requiring specific cybersecurity are payment card data, FERPA, GLBA, FTC and California security breach notification statutes.
Governance Policy Details [pdf]
Contact Us