Purpose
The University Information Security Committee exists to review the programmatic and technical aspects of the University Information security program and to provide recommendations to the CISO and University Information Security Advisory Committee. The committee also coordinates and communicates the direction, current state, and oversight of the information security program to its respective organization Unit (OUs).
Objectives
The responsibilities of the University of South Carolina Information Security Committee are broken into two objectives: programmatic and technical.
Programmatic objectives:
- Formulate, review, and recommend information security standards and procedures to be published.
- Review the effectiveness of standards implementation· Ensure that security activities are executed in compliance with IT 3.00
- Assess the adequacy and coordinate the implementation of information security controls.
- Promote information security education, training, and awareness throughout the University of South Carolina· Educate the team and staff on ongoing legal, regulatory and compliance changes and industry news and trends.
Technical Objectives
- Evaluate information received from monitoring processes
- Review information security incident information and recommend follow-up actions
- Reviews and approves baselines for standard technologies
- Identify and review issues of non-compliance· Identify significant threat changes and vulnerabilities
Membership
The members who participate in the University of South Carolina Information Security Committee are critical to the success of the University of South Carolina information security program. The University of South Carolina Information Security Committee is a cross-functional group of appointed OU Security Liaisons. Additionally, Members of the ITC are encouraged to attend but are considered non-voting participants. The Deputy Chief Information Security Officer will serve as the committee chair; however, meetings will be conducted by an appointed designee.