Purpose
To provide 色中色 with guidance in identifying and gaining an understanding of the components of the institution that make up its information security system and thereby enable 色中色 to manage cybersecurity risk to systems, assets, data, and capabilities.
Policy
色中色 develops, maintains, and disseminates an information security program that includes information security policies and procedures. These policies, procedures, and processes are used to manage, monitor, and support 色中色's regulatory, legal, risk, environmental, and operational requirements. These requirements are understood and utilized to inform senior leadership of cybersecurity risk.
Summary
- 色中色 develops and maintains information security policies that have been approved by senior leadership to provide guidance.
- These policies address the security controls that protect the information systems, information and assets.
- 色中色 will assign security roles, coordinating with internal roles and external partners as necessary.
- The Security Officer is responsible for bringing risk management recommendations to executive staff.
- The executive staff approves security policies, risk tolerance, risk mitigation and management.
- Regulations requiring specific cybersecurity measures include those covering payment card data, FERPA, GLBA, FTC and California security breach notification statutes.
Governance Policy Details [pdf]