The formation of an Information Security Unit is a mandatory component of an enterprise information security program. The University shall have a position dedicated to information security (Information Security Officer), to direct the Information Security Unit.
The Information Security Unit, in conjunction with the CIO, shall be responsible for the following:
- Establishing, maintaining, and enforcing electronic information security and access standards for all entities under the direction of the Missouri State University administration.
- Enforcing policy established by the Information Security Executive Committee (ISEC), which is chaired by the Information Security Officer.
- Managing information security incidents or data breaches including establishing and communicating procedures for all members of the campus community.
- Adopting and implementing industry best practices and standards for secure transportation and transmission of electronic data.
- Providing guidance to all University computer users on their individual responsibilities, and establishing standards to protect sensitive data and privacy.
- Providing support to other departments in meeting federal and state statutes covering identity protection and financial transactions, e.g. "Red Flags" identity protection, Payment Card Industry – Data Security Standards (PCI-DSS), etc.
- Working in conjunction with Health Care Component Security Officers and other University entities to protect the security of electronically-held information.
- Periodically testing all University-controlled information systems for vulnerabilities.
Reason or Purpose for Policy
To provide a centralized unit to manage Missouri State University's information security activities, and to give that unit the authority to require protection of the University's digital assets and to enforce that requirement.
Entities Affected by this Policy
All entities contained in, or under the direction of, the Missouri State University system.
Line of Authority
- Vice President, Administrative & Information Services
- Chief Information Officer (CIO)
- Information Security Officer (ISO)