Educause Security Discussion mailing list archives
Re: Security and Privacy Governance
From: "Davis, Thomas R" <tdavis () IU EDU>
Date: Wed, 24 Aug 2011 12:05:02 +0000
Hi Chris, The governance of Indiana University's ISPP is outlined here: https://protect.iu.edu/privacy/program/governance -- Tom Davis, CISSP, CISM Chief Security Officer Public Safety and Institutional Assurance Indiana University https://protect.iu.edu/tdavis On Aug 23, 2011, at 7:53 PM, Chris Kidd wrote:
Colleagues: We’re in the process of evaluating the governance of our information security and privacy program. I’m hoping that we’re not unique in the sense that we have a centrally managed program for our entire campus, which includes our academic medical center (collaboration and data flow have necessitated this alignment). In terms of scope – the security program is focused on the traditional C.I.A. pyramid while privacy links at confidentiality but also encompasses an individual’s right to access, amend/correct, control access to, copy/review, etc. information about them. If you’re willing to share, I’d like to better understand how other programs are structured. I’m particularly interested in understanding the configuration of advisory and oversight committees in the context of the larger IT (or other) governance framework and how this ultimately interacts with operational areas. I also wonder how many organizations have aligned their programs with data governance and/or data stewards and how effective that has been. What has worked best for you? Thanks in advance. Chris Chris Kidd Chief Information Security and Privacy Officer University of Utah Health Care University of Utah 650 Komas Drive, Suite 102 Salt Lake City, UT 84108 Office: 801.585.7483 Cell: 801.747.9028 chris.kidd () utah edu http://www.secureit.utah.edu
Current thread:
- Security and Privacy Governance Chris Kidd (Aug 23)
- Re: Security and Privacy Governance Davis, Thomas R (Aug 24)