The Information Security Program Office, under the guidance of the CISO, develops and maintains the CSCU Information Security Program. The program includes policies, standards, procedures, processes and guidelines.
The ISPO is also responsible for:
- Developing and implementing security policies, standards and procedures which reflect best practices in information security for higher education;
- Completing IT Risk Assessments and Security Impact Analyses for IT solutions that may impact the overall IT security of CSCU;
- Implementing and managing the Incident Response Program, which includes incident identification, documentation, containment and assessment, eradication and recovery, notification and follow-up;
- Implementing and managing the Information Security and Awareness Training Program including reporting compliance;
- Implementing and managing the Security Metrics and reporting program;
- Working with external organizations and cloud providers to ensure compliance with CSCU security requirements and the Vendor Compliance Program;
- Reviewing ongoing compliance with laws and regulations related to information security;
- Providing guidance and assistance to colleges and universities in the development of their Campus Information Security Programs;
- Implementing and managing the Vulnerability Management and Threat Intelligence program; and
- Assisting Information Security Owners with completion of System Security Plans (SSPs).
Information security policies promote consistency, efficiency and effectiveness in delivering secure IT services in support of the CSCU educational mission. The policies contained here have been adopted and are to be applied to the system office and the colleges and universities that make up the Connecticut State Colleges and Universities System as governed by the Board of Regents.