
Information Security Program Office

The Information Security Program Office, under the guidance of the CISO, develops and maintains the CSCU Information Security Program. The program includes policies, standards, procedures, processes and guidelines.

The ISPO is also responsible for:

  • Developing and implementing security policies, standards and procedures which reflect best practices in information security for higher education;
  • Completing IT Risk Assessments and Security Impact Analyses for IT solutions that may impact the overall IT security of CSCU;
  • Implementing and managing the Incident Response Program, which includes incident identification, documentation, containment and assessment, eradication and recovery, notification and follow-up;
  • Implementing and managing the Information Security and Awareness Training Program including reporting compliance;
  • Implementing and managing the Security Metrics and reporting program;
  • Working with external organizations and cloud providers to ensure compliance with CSCU security requirements and the Vendor Compliance Program;
  • Reviewing ongoing compliance with laws and regulations related to information security;
  • Providing guidance and assistance to colleges and universities in the development of their Campus Information Security Programs;
  • Implementing and managing the Vulnerability Management and Threat Intelligence program; and
  • Assisting Information Security Owners with completion of System Security Plans (SSPs).

Security Standards

ISST 10.100 Risk Assessment (RA)
ISST 10.200 Awareness and Training (AT)
ISST 10.300 Incident Response (IR)
ISST 10.400 Access Control (AC)
ISST 10.500 Audit and Accountability (AU)
ISST 10.600 Security Assessment and Authorization (CA)
ISST 10.700 Configuration Management (CM)
ISST 10.800 Contingency Planning (CP)
ISST 10.900 Identification and Authentication (IA)
ISST 10.1000 Maintenance (MA)
ISST 10.1100 Media Protection (MP)
ISST 10.1200 Physical and Environmental Protection (PE)
ISST 10.1300 Planning (PL)
ISST 10.1400 Personnel Security (PS)
ISST 10.1500 System and Service Acquisition (SA)
ISST 10.1600 System and Communication Protection (SC)
ISST 10.1700 System and Information Integrity (SI)


Information security policies promote consistency, efficiency and effectiveness in delivering secure IT services in support of the CSCU educational mission. The policies contained here have been adopted and are to be applied to the system office and the colleges and universities that make up the Connecticut State Colleges and Universities System as governed by the Board of Regents.