Purpose
To provide 6VµçÓ°Íø with guidance in identifying and gaining an understanding of the components of the institution that make up its information security system and thereby enable 6VµçÓ°Íø to manage cybersecurity risk to systems, assets, data, and capabilities.
Policy
6VµçÓ°Íø develops, maintains, and disseminates an information security program that includes information security policies and procedures. These policies, procedures, and processes are used to manage, monitor, and support 6VµçÓ°Íø’s regulatory, legal, risk, environmental, and operational requirements. These requirements are understood and utilized to inform senior leadership of cybersecurity risk.
Summary
- 6VµçÓ°Íø develops and maintains information security policies that have been approved by senior leadership to provide guidance.
- These policies address the security controls that protect the information systems, information and assets.
- 6VµçÓ°Íø will assign security roles, coordinating with internal roles and external partners as necessary
- The Security Officer is responsible for bringing risk management recommendations to executive staff.
- The executive staff approves security policies, risk tolerance, risk mitigation and management.
- Among the regulations requiring specific cybersecurity are payment card data, FERPA, GLBA, FTC and California security breach notification statutes.
Governance Policy Details [pdf]
Contact Us