Purpose
To provide °ÄÃÅÁùºÏ²Ê¿ª½±½á¹û2023 with guidance in identifying and gaining an understanding of the components of the institution that make up its information security system and thereby enable °ÄÃÅÁùºÏ²Ê¿ª½±½á¹û2023 to manage cybersecurity risk to systems, assets, data, and capabilities.
Policy
°ÄÃÅÁùºÏ²Ê¿ª½±½á¹û2023 develops, maintains, and disseminates an information security program that includes information security policies and procedures. These policies, procedures, and processes are used to manage, monitor, and support °ÄÃÅÁùºÏ²Ê¿ª½±½á¹û2023’s regulatory, legal, risk, environmental, and operational requirements. These requirements are understood and utilized to inform senior leadership of cybersecurity risk.
Summary
- °ÄÃÅÁùºÏ²Ê¿ª½±½á¹û2023 develops and maintains information security policies that have been approved by senior leadership to provide guidance.
- These policies address the security controls that protect the information systems, information and assets.
- °ÄÃÅÁùºÏ²Ê¿ª½±½á¹û2023 will assign security roles, coordinating with internal roles and external partners as necessary
- The Security Officer is responsible for bringing risk management recommendations to executive staff.
- The executive staff approves security policies, risk tolerance, risk mitigation and management.
- Among the regulations requiring specific cybersecurity are payment card data, FERPA, GLBA, FTC and California security breach notification statutes.
Governance Policy Details [pdf]