Information Technologies (IT)
IT has the responsibility for maintaining Secure UD policy and its requirements based on the changing needs of the University and the changing nature of information security. IT provides tools and documentation and is available to assist units and individuals with understanding and implementing the Secure UD Data Governance & Security Program (Secure UD DGSP).
As a unit, IT is also responsible for complying with the Secure UD DGSP. Additionally, IT manages the University network and other central IT resources on behalf of the University community.
Responsibilities according to policy
IT's primary responsibilities include:
University Information Security Policy
- Maintaining overview responsibility for implementation of this policy.
- Establishing policy requirements, including security standards and controls, and monitoring and enforcing compliance.
- Developing a comprehensive security program that includes risk assessments, best practices, education, and training.
- (Having IT assume this responsibility does not abrogate the responsibility of individuals and units to comply with policy requirements.)
- Training and educating the University community on this policy.
- Monitoring technological developments, trends, and changes in laws and regulations and updating this policy as appropriate.
- Conducting annual reviews of minimum technical requirements and update this policy, with appropriate review.
- Assisting units in understanding risk and in identifying and implementing security controls to protect IT resources.
- Issuing critical security notices to unit heads.
- Developing, implementing, and maintaining University-level security monitoring and analysis.
- In collaboration with data stewards, developing and maintaining a University data dictionary that describes the sets of University information available for access from data stewards' functional areas and the University information classifications assigned to them.
University Information Classification Policy