Connecticut State Colleges & Universities
IT Support Center

IT Support Center | Connecticut State Colleges & Universities - Information Security

Information Security Program Office (ISPO)

The Information Security Program Office, under the guidance of the CISO, develops and maintains the CSCU Information Security Program. The program includes policies, standards, procedures, processes and guidelines.

The ISPO is also responsible for:

  • Developing and implementing security policies, standards and procedures which reflect best practices in information security for higher education;
  • Completing IT Risk Assessments and Security Impact Analysis' for IT solutions that may impact the overall IT security of CSCU;
  • Implementing and managing the Incident Response Program, this includes, incident identification, documentation, containment and assessment, eradication and recovery, notification and follow up;
  • Implementing and managing the Information Security and Awareness Training Program including reporting compliance;
  • Implementing and managing the Security Metrics and reporting program;
  • Working with external organizations and cloud providers to ensure compliance with CSCU security requirements and the Vendor Compliance Program;
  • Reviewing on-going compliance with laws and regulations related to information security;
  • Providing guidance and assistance to college/universities in the development of their Campus Information Security Programs;
  • Implementing and managing of the Vulnerability Management and Threat Intelligence program, and;
  • Assisting Information Security Owners with completion of System Security Plans, SSP.