Next-Generation Information Security: Business Process and Information Management

Learn about the formulation and on-going work of an Information Security Office, from the CIO's strategic vision, to partnerships with other campus offices and constituencies, to cross-campus organizational outreach through senior leadership committees. A comprehensive framework informs the more traditional functions of IT security in governance, policy formation, and internal organization, using a "security by design" functional approach within the IT organization and in support of the institution's missions. Central to this approach is the creation of a next-generation information security policy that includes data classification, a mandated data-breach response, and support for technical security controls and device configuration standards, developed in collaboration with technical campus IT managers and system-wide IT ISOs, for protecting institutional information and research data. We will explore how campuses of both similar and different Carnegie classes could either create new or reform existing security programs for their next-generation governance, compliance, and risk management needs.