Educause Security Discussion mailing list archives

Re: FW: process for creating Information security policies and guidelines

From: "Drews, Jane E" <jane-drews () UIOWA EDU>
Date: Mon, 12 Sep 2011 16:16:43 +0000

Mohamed et al,
We developed a separate process for IT policy, to make it more "agile" than our University-level Operations Manual 
Policy.  (Those policy often take a year or more to develop, vet, and approve.)  Our CIO was successful persuading 
University Administration to delegate final IT policy approval to his role (CIO), they are included as official 
University policy by reference in our Operations Manual AUP.  Our IT Community Leadership developed the IT policy 
process, which is described at http://cio.uiowa.edu/policy/ITdevelopment.shtml   (There is also a flowchart depicting 
the process.) This has worked remarkably well for us, however we are always challenged to ensure that all interested 
parties get involved in the policy vetting/review phase.   A few years ago we added a policy review wiki to facilitate 
comments and feedback gathering on drafts, which has helped.


Jane Drews, CISO
Information Security & Policy Office
The University of Iowa


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mohamed 
Elhindi
Sent: Sunday, September 11, 2011 8:06 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] FW: process for creating Information security policies and guidelines


Hello
We are in the process of reviewing our information security policy.  We are looking for a process that other 
universities have used to create university information security policies and guidelines.  If possible, would you 
please share your flowchart and procedures used for creating information security policies and guidelines?
Thank you in advance for your help.


Mohamed A. Elhindi, PhD
Assistant Vice Chancellor- Chief Information Officer
University of  Wisconsin-La Crosse
1725 State street
La Crosse, WI 54601, USA
Phone:  608-785-8662|  Fax: 608-785-8306

Please note the University will NEVER ask you to send your password via an email message. If you received these kind of 
messages please delete it immediately without any reply.

Current thread:

FW: process for creating Information security policies and guidelines Mohamed Elhindi (Sep 11)
- Re: FW: process for creating Information security policies and guidelines Barrett, Bruce R. (Sep 11)
  - Re: FW: process for creating Information security policies and guidelines James Farr '05 (Sep 12)
    - Re: FW: process for creating Information security policies and guidelines Sarazen, Daniel (Sep 12)
- Re: FW: process for creating Information security policies and guidelines Valdis Kletnieks (Sep 12)
  - Re: FW: process for creating Information security policies and guidelines Matthew Gracie (Sep 12)
    - Re: FW: process for creating Information security policies and guidelines Drew Perry (Sep 12)
    - Re: FW: process for creating Information security policies and guidelines Valdis Kletnieks (Sep 12)
    - Re: FW: process for creating Information security policies and guidelines A. Harry Williams (Sep 12)
- Re: FW: process for creating Information security policies and guidelines Drews, Jane E (Sep 12)