Educause Security Discussion mailing list archives
Re: FW: process for creating Information security policies and guidelines
From: "Drews, Jane E" <jane-drews () UIOWA EDU>
Date: Mon, 12 Sep 2011 16:16:43 +0000
Mohamed et al, We developed a separate process for IT policy, to make it more "agile" than our University-level Operations Manual Policy. (Those policy often take a year or more to develop, vet, and approve.) Our CIO was successful persuading University Administration to delegate final IT policy approval to his role (CIO), they are included as official University policy by reference in our Operations Manual AUP. Our IT Community Leadership developed the IT policy process, which is described at http://cio.uiowa.edu/policy/ITdevelopment.shtml (There is also a flowchart depicting the process.) This has worked remarkably well for us, however we are always challenged to ensure that all interested parties get involved in the policy vetting/review phase. A few years ago we added a policy review wiki to facilitate comments and feedback gathering on drafts, which has helped. Jane Drews, CISO Information Security & Policy Office The University of Iowa From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mohamed Elhindi Sent: Sunday, September 11, 2011 8:06 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] FW: process for creating Information security policies and guidelines Hello We are in the process of reviewing our information security policy. We are looking for a process that other universities have used to create university information security policies and guidelines. If possible, would you please share your flowchart and procedures used for creating information security policies and guidelines? Thank you in advance for your help. Mohamed A. Elhindi, PhD Assistant Vice Chancellor- Chief Information Officer University of Wisconsin-La Crosse 1725 State street La Crosse, WI 54601, USA Phone: 608-785-8662| Fax: 608-785-8306 Please note the University will NEVER ask you to send your password via an email message. If you received these kind of messages please delete it immediately without any reply.
Current thread:
- FW: process for creating Information security policies and guidelines Mohamed Elhindi (Sep 11)
- Re: FW: process for creating Information security policies and guidelines Barrett, Bruce R. (Sep 11)
- Re: FW: process for creating Information security policies and guidelines James Farr '05 (Sep 12)
- Re: FW: process for creating Information security policies and guidelines Sarazen, Daniel (Sep 12)
- Re: FW: process for creating Information security policies and guidelines James Farr '05 (Sep 12)
- Re: FW: process for creating Information security policies and guidelines Valdis Kletnieks (Sep 12)
- Re: FW: process for creating Information security policies and guidelines Matthew Gracie (Sep 12)
- Re: FW: process for creating Information security policies and guidelines Drew Perry (Sep 12)
- Re: FW: process for creating Information security policies and guidelines Valdis Kletnieks (Sep 12)
- Re: FW: process for creating Information security policies and guidelines A. Harry Williams (Sep 12)
- Re: FW: process for creating Information security policies and guidelines Matthew Gracie (Sep 12)
- Re: FW: process for creating Information security policies and guidelines Barrett, Bruce R. (Sep 11)