Ensure appropriate security for university information and IT systems, while promoting security awareness among the members of the Cal Poly Pomona community.
Strategic Directions and Tactics
- Develop policies, standards, procedures and best practice guidelines to ensure a safe, compliant, and properly risk-managed computing and network environment. In collaboration with all appropriate University representatives, the Information Security Officer (ISO) will lead efforts to develop, approve, and launch a suite of information security policies, standards and guidelines, based on the ISO/IEC 27002 code of best practices for information security. These policies, standards, and procedures will formally establish the University’s Information Security Program.
- Ensure that all employees are aware of their information security responsibilities
- Appropriately train all employees about the role they play in protecting the University’s information assets.
- Broaden and deepen the information security knowledge of campus technical personnel to improve the university’s overall security effectiveness (e.g., knowledge of Microsoft and Mac OS advanced security concepts)
- Provide assistance to technology managers with security administration, implementation and management
- Develop a campus-wide information security risk management program to evaluate threats and vulnerabilities and assure creation of appropriate remediation plans.
- Increase the quality of the decision processes associated with the protection of the University’s information assets.
- Evaluate information security controls and countermeasures to mitigate risks to an acceptable level on a set time period
- Develop a set of security assessment services that can be offered to colleges, divisions, or departments
- Protect our students and employees from potential crimes such as identity theft.
- Standardize the University’s information security incident response and reporting.
- Establish campus-wide security incident response processes
- Develop communications plan
- Develop an awareness plan
- Develop monitoring and review plan