ŷ���ڱ���Ƶ

ŷ���ڱ���Ƶwide Information Security Council (SISC)

This committee is charged with overseeing the ŷ���ڱ���Ƶ of Missouri’s information security (InfoSec) policies, procedures, and standards to identify and apply a risk-based approach to information security. The committee will strive to ensure that the InfoSec program supports the ŷ���ڱ���Ƶ’s mission, improves the security posture of the ŷ���ڱ���Ƶ and is appropriately prioritizing resources and risk.

Responsibilities

• Champion the InfoSec program to promote awareness, compliance and drive cultural change across the ŷ���ڱ���Ƶ
• Review and approve university-wide InfoSec policies and initiatives
• Provide strategic direction and establish priorities
• Ensure compliance with InfoSec policies within their organizational hierarchy
• Engage Council of Chancellors periodically for feedback and input regarding the InfoSec program
• Establish functional ownership and accountability for key information security areas
• Hold identified staff (CISO, Emergency Mgmt, etc.) responsible for execution of priorities
• Ensure the development of a “State of Information Security” report for the President and Board of Curators at least annually

Membership

The committee is accountable to the Vice President for Finance and Vice President for Information Technology and is jointly chaired by the Director of Risk & Insurance Management and the Chief Information Security Officer (CISO) whose offices will also provide administrative support for the SISC. Standing members include:

• Director of Risk & Insurance Management (Co-chair)
• Chief Information Security Officer (Co-Chair)
• General Counsel representative
• Vice President for Finance and Administration
• Vice President for Information Technology
• Director of UM Procurement
• Executive Vice Chancellor, Health Affairs
• Chief Audit & Compliance Officer
• Chief Human Resources Officer
• Associate Vice President, Academic Affairs
• Chief Data Officer
• UM ŷ���ڱ���Ƶ Privacy Officer

Chief Information Security Officer (CISO)

The CISO will serve as a liaison between the SISC and the ISG.

Responsibilities

• Communicate the goals, objectives and priorities of the SISC to the ISG.
• Present draft elements created by the ISG to the SISC.
• Create a template for elements of the information security program to ensure a consistent look and feel.
• Ensure that the information security program is published prominently and remains up to date.
• Assist the VP for IT in managing compliance with the information security program by UM units/departments.

Information Security Group (ISG)

This working group will be comprised of the CISO, the Information Security Officer (ISO) from each ŷ���ڱ���Ƶ entity and other members as appropriate (i.e. HR representatives from each campus when dealing with HR elements of the program).

Responsibilities

• Develop elements of the information security program in accordance with the goals, objectives and priorities of the SISC.
• Serve as a conduit for obtaining input from, and communicating program elements to, each ŷ���ڱ���Ƶ entity.

Other Roles

The Chief Information Officer (CIO) for each ŷ���ڱ���Ƶ entity will be responsible for communicating, publishing and distributing new policies and program components to their respective entity.

• CIOs/ISOs will manage compliance within their respective entities.
• VP for IT will manage compliance within UM departments/units.

Information Security Governance