Cal Poly Pomona

IT Information Security Office
Strategic Plan, 2007-2012

Strategic Mission

Ensure appropriate security for university information and IT systems, while promoting security awareness among the members of the Cal Poly Pomona community.

Strategic Directions and Tactics

  • Develop policies, standards, procedures and best practice guidelines to ensure a safe, compliant, and properly risk managed computing and network environment. In collaboration with all appropriate University representatives the Information Security Officer (ISO) will lead efforts to  develop, approve, and launch a suite of information security policies, standards and guidelines, based on the ISO/IEC 27002 code of best practices for information security.  These policies, standards, and proceudres will formally establish the University’s Information Security Program.
  • Ensure that all employees are aware of their information security responsibilities
    • Appropriately train all employees about the role they play in protecting the University’s information assets.
    • Broaden and deepen the information security knowledge of campus technical personnel to improve the university’s overall security effectiveness (e.g., knowledge of Microsoft and Mac OS advanced security concepts)
    • Provide assistance to technology managers with security administration, implementation and management
  • Develop a campus-wide information security risk management program to evaluate threats and vulnerabilities and assure creation of appropriate remediation plans.
    • Increase the quality of the decision processes associated with the protection of the University’s  information assets.
    • Evaluate information security controls and countermeasures to mitigate risks to an acceptable level on a set time period
    • Develop a set of security of assessment services that can be offered to colleges, division, or department
    • Protect our students and employees form potential crimes such as identity threat.
  • Standardize the University’s information security incident response and reporting.
    • Establish campus-wide security incident response processes 
    • Develop communications plan
    • Develop an awareness plan
    • Develop monitoring and review plan