The Information Security Program Office, under the guidance of the CISO,
develops and maintains the CSCU Information Security Program. The program
includes policies, standards, procedures, processes and guidelines.
The ISPO is also responsible for:
- Developing and implementing security policies, standards and procedures which reflect best practices in
information security for higher education;
- Completing IT Risk Assessments and Security Impact Analyses for IT solutions that may impact the overall
IT security of CSCU;
- Implementing and managing the Incident Response Program, which includes incident identification,
documentation, containment and assessment, eradication and recovery,
notification and follow-up;
- Implementing and managing the Information Security and Awareness Training Program including reporting
compliance;
- Implementing and managing the Security Metrics and reporting program;
- Working with external organizations and cloud providers to ensure compliance with CSCU security requirements
and the Vendor Compliance Program;
- Reviewing ongoing compliance with laws and regulations related to information security;
- Providing guidance and assistance to colleges/universities in the development of their Campus Information
Security Programs;
- Implementing and managing the Vulnerability Management and Threat Intelligence program; and
- Assisting Information Security Owners with completion of System Security Plans (SSPs).