Information Security Governance
Governance Committee Formation and Relevance
The best way to strengthen information security is to create a framework for IT governance. Effective security governance is managed as an organizational-wide issue that is planned, managed and measured in all areas throughout the organization. In IT Governance, leaders are accountable for and are committed to providing adequate resources to information security. Our goal is creating and following a core set of principles to guide the framework for information security governance.
From USG IT Handbook Audit Expectation:
5.2.1.1 - Through interviews and process review, evaluate the adequacy and completeness of the information security plan and the information security governance structure within the context of the institution's strategic priorities and goals.
- Chief Information Officer (CIO) - The CIO is responsible for the overall management, direction and security of the University's information assets
- Chief Information Security Officer (CISO) – The CISO has delegated authority and is responsible for planning, developing and deploying the University's Security Program
- Director of Human Resources
- Director of Enterprise Risk Management
- General Counsel
- Assistant Vice President Business and Finance
- Director CSU Cybersecurity Center
- Department Chair / Professor Computer Science
- Director of Enterprise Software Services UITS
- Desktop Support Services Manager, UITS
- Executive Director of Operations and Infrastructure, UITS
- Assistant Dean of Students
- Chief of Police
