Re: Policy Defining Responsibility for CIO & CISO

[Ben Woelk <fbwis () RIT EDU>]

Carlos,
Does your CISO report to the CIO? That would impact the delineation of responsibilities.

Ben Woelk '07 CISSP
ISO Program Manager
Information Security Office
Rochester Institute of Technology
ROS 10-A204
151 Lomb Memorial Drive
Rochester, New York 14623
585.475.4122
585.475.7920 fax
ben.woelk () rit edu<mailto:ben.woelk () rit edu>
http://www.rit.edu/security/

Become a fan of RIT Information Security at 
http://rit.facebook.com/RITInfosec<http://rit.facebook.com/profile.php?id=6017464645>

Follow us on Twitter: http://twitter.com/RIT_InfoSec

CONFIDENTIALITY NOTE:  The information transmitted, including attachments, is intended only for the person(s) or entity 
to which it is addressed and may contain confidential and/or privileged material.  Any review, retransmission, 
dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other 
than the intended recipient is prohibited.  If you received this in error, please contact the sender and destroy any 
copies of this information.



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Carlos 
Lobato
Sent: Monday, February 22, 2016 10:28 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Policy Defining Responsibility for CIO & CISO


Good Morning Colleagues,



If your institution has a policy that clearly delineates responsibility for the CIO and CISO, I would highly appreciate 
if you would send me a link to your policy.



Thanks in advance,



Carlos



Carlos S. Lobato, CISA, CISSP, CPA

IT Compliance Officer



New Mexico State University

Information and Communication Technologies

MSC 3AT PO Box 30001

Las Cruces, NM  88003



Phone (575) 646-5902

Fax (575) 646-5278