Friday, August 9, 2019

Information Security Roles - Responsibilities, Information Technology Division, San Jose State Unive

Information Security Roles & Responsibilities

Academic Personnel or Judicial Affairs.
Supports the Information Security Officer and the Associate Vice President/Chief Information Officer in the reporting, investigating, assessing and resolving potential security violations.

Associate Vice President, Information Technology & Chief Information Officer.
Provides policy and operational guidance to the university. Provides security standards and guides for protecting information assets. Ensures compliance to existing campus information security policies, standards and procedures. Coordinates with Information Security Officer to develop and implement information security policies, standards and procedures. Coordinates with the Information Security Officer, if needed, on the investigation, assessment, tracking, resolution and reporting of security issues involving information technology resources and reports potential criminal violations to the appropriate entities in a timely manner. Coordinates with the campus Information Security Officer to evaluate the risk introduced by any changes to campus operations and systems. Serves as the chairperson for the SJSU Information Technology Management Advisory Committee. Notifies the Assistant Vice Chancellor for Information Technology if a breach of level 1 data has occurred. Reviews information security risks at least annually. Reviews Information Security Annual Report provided by the Information Security Officer.

Campus Information Security Committee.
Reviews, provides feedback and recommends action to the Associate Vice President / Chief Information Officer to improve security policies and practices to protect SJSU’s digital information assets and the information technology resources used to access, transmit and store them.

Human Resources/Academic Personnel/Judicial Affairs.
Investigates alleged security violations by individual students, faculty and staff to determine if disciplinary action is appropriate. Interprets, recommends and imposes sanctions and discipline regarding security violations in accordance with existing policy and practice.

Information Authority/Owner.
The Information Authority is identified by law, contract or policy with responsibility for granting access to and ensuring appropriate use of the information. Responsibilities are identified in the SJSU Information Classification, Handling, Retention, and Inventory Standards.

Information Custodian/Steward.
The information custodian/steward has operational responsibility for the physical and electronic security of information. Responsibilities are identified in the SJSU Information Classification, Handling, Retention, and Inventory Standards.

Information Security Officer.
Coordinates, administers, communicates and maintains the Information Security Program on behalf of the President. Advises the President and campus leadership on information security matters. Consults with campus administrators to ensure campus information security policies and standards meet campus goals. Investigates, assesses, tracks, resolves and reports suspected violations of policies and procedures in coordination with appropriate entities. Confers with Associate Vice President/Chief Information Officer and Information Authorities on information security policies, standards, procedures, security violations, campus security risks and other security matters, as needed. Provides input to the campus budget process regarding prioritization and required resources for security risk mitigation. Responds to information security related requests during an audit and coordinates the CSU information security audits. Serves as the campus representative on the CSU Information Security Advisory Committee. Serves as chairperson for the SJSU CISC. Reviews and approves application data requests and authentication requests. Notifies the CSU Chief Information Security Officer if a breach of level 1 data has occurred. Oversees the campus incident response program, the information security awareness and training program, and annual self-assessment inventory processes. Reviews computing equipment loss reports and security incidents and determines action needed, if any. Provides annual Information Security Report, and Risk Assessment and Action Plan to the President, the Vice President of Administration and Finance and the Associate Vice President/Chief Information Officer.

Information Security Management Team.
Membership: AVP/Chief Information Officer, Information Security Officer, Identity and Information Security Manager, Managing Sr. Director Infrastructure Services, and Sr. Director Information Services. Reviews information security policies, incidents, audit responses and recommendations from CISC. Determines need for information security product and service proposals. Makes information security recommendations for policies, products and service implementation. Provides information security training for campus staff (attendees at information security forum, LAN coordinator meetings, etc.). Makes recommendations for information security training materials.

Information Users.
Individuals who need and use university information as part of their assigned duties, or in fulfillment of assigned roles, or functions within the university community. Responsibilities are identified in the SJSU Information Classification, Handling, Retention, and Inventory Standards.
