Purpose
To provide Â鶹´«Ã½ with guidance in identifying and gaining an understanding of the components of the institution that make up its information security system and thereby enable Â鶹´«Ã½ to manage cybersecurity risk to systems, assets, data, and capabilities.
Policy
Â鶹´«Ã½ develops, maintains, and disseminates an information security program that includes information security policies and procedures. These policies, procedures, and processes are used to manage, monitor, and support Â鶹´«Ã½â€™s regulatory, legal, risk, environmental, and operational requirements. These requirements are understood and utilized to inform senior leadership of cybersecurity risk.
Summary
- Â鶹´«Ã½ develops and maintains information security policies that have been approved by senior leadership to provide guidance.
- These policies address the security controls that protect the information systems, information and assets.
- Â鶹´«Ã½ will assign security roles, coordinating with internal roles and external partners as necessary
- The Security Officer is responsible for bringing risk management recommendations to executive staff.
- The executive staff approves security policies, risk tolerance, risk mitigation and management.
- Among the regulations requiring specific cybersecurity are payment card data, FERPA, GLBA, FTC and California security breach notification statutes.
Governance Policy Details [pdf]
Contact Us