Educause Security Discussion mailing list archives

Security and Privacy Governance


From: Chris Kidd <chris.kidd () UTAH EDU>
Date: Tue, 23 Aug 2011 17:53:02 -0600

Colleagues:

We're in the process of evaluating the governance of our information security and privacy program. I'm hoping that 
we're not unique in the sense that we have a centrally managed program for our entire campus, which includes our 
academic medical center (collaboration and data flow have necessitated this alignment). In terms of scope - the 
security program is focused on the traditional C.I.A. pyramid while privacy links at confidentiality but also 
encompasses an individual's right to access, amend/correct, control access to, copy/review, etc. information about them.

If you're willing to share, I'd like to better understand how other programs are structured. I'm particularly 
interested in understanding the configuration of advisory and oversight committees in the context of the larger IT (or 
other) governance framework and how this ultimately interacts with operational areas. I also wonder how many 
organizations have aligned their programs with data governance and/or data stewards and how effective that has been.

What has worked best for you? Thanks in advance.

Chris

Chris Kidd
Chief Information Security and Privacy Officer
University of Utah Health Care
University of Utah
650 Komas Drive, Suite 102
Salt Lake City, UT 84108
Office: 801.585.7483
Cell: 801.747.9028
chris.kidd () utah edu

http://www.secureit.utah.edu

