ŷ���ڱ���Ƶ

Scope

Applies to the Vice President Information Technology, Campus CIOs & ISOs.

Reason for Policy

Outlines the responsibility of the Vice President Information Technology, Campus CIOs & ISOs to enforce the ŷ���ڱ���Ƶ’s IT Security Policies.

Policy Statement

The ŷ���ڱ���Ƶ will develop, implement and maintain a comprehensive, system-wide, information security program with appropriate methods and safeguards as required by industry standards, federal and state laws and regulations. Consistent with the ŷ���ڱ���Ƶ's Collected Rules and Regulations (CRR), the Vice President for Information Technology (VP for IT) will be primarily responsible for the development, implementation and enforcement of this program. The program will apply to all units within the ŷ���ڱ���Ƶ and to any and all users of ŷ���ڱ���Ƶ IT resources, regardless of their relationship to the ŷ���ڱ���Ƶ. Each ŷ���ڱ���Ƶ entity must comply with the IT security policies and programs or, when necessary, develop specific security policies, programs and processes that are consistent with the system-wide program and are approved by the VP for IT.

The information security program, under the guidance of the Chief Information Security Officer (CISO) will establish policies and processes governing how individuals manage and use the ŷ���ڱ���Ƶ's IT systems. The program will be applicable to all of the ŷ���ڱ���Ƶ's IT systems including, but not limited to, applications, databases, networks, computer systems/servers, computing facilities and all computing devices owned by the ŷ���ڱ���Ƶ or that hold ŷ���ڱ���Ƶ data. The program may also apply to personally owned devices if such devices are utilized for ŷ���ڱ���Ƶ purposes.

Definitions

Accountabilities

Vice President for Information Technology:

• Primarily responsible for implementing information security policies and programs.
• Will designate a Chief Information Security Officer (CISO) for the ŷ���ڱ���Ƶ ŷ���ڱ���Ƶ.

ŷ���ڱ���Ƶ-wide Information Security Council (SISC):

• Will consist of the Director of Risk & Insurance Management, the Chief Information Security Officer, a representative from General Counsel, the Chief Financial Officer, the Executive Vice Chancellor for Health Affairs, the Chief Audit & Compliance Officer, the Chief Human Resources Officer and the Associate Vice President for Academic Affairs
• Responsible for evaluating the ŷ���ڱ���Ƶ of Missouri’s information security (InfoSec) policies, procedures, and standards to identify and apply a risk-based approach to information security. 
• Will champion the InfoSec program to promote awareness, compliance and drive cultural change across the ŷ���ڱ���Ƶ.
• Will review and approve university-wide InfoSec policies and programs, provide strategic direction and establish priorities.
• Will ensure compliance with InfoSec policies within their organizational hierarchy
• Will ensure the development of a “State of Information Security” report for the President and Board of Curators at least twice a year

Chief Information Officers (or CIO equivalent) at each campus/organization:

• Responsible for implementing and enforcing IT security policies at their campus or organization.
• Will either serve as, or designate, an Information Security Officer (ISO) for their campus/organization.

Chief Information Security Officer (CISO):

• Will ensure consistency and adequacy of information security programs at both the system and campus/organization levels.
• Will provide guidance related to policy and program priorities for consideration by the SISC.

Additional Details

Forms

ŷ���ڱ���Ƶ of Missouri Workplace Information Security Manual:  (please right click on the file and download it to your device for viewing)

Related Information

The primary contact for this policy is provided on the cover page.
Campus/ŷ���ڱ���Ƶ ISOs: https://umsystem.edu/ums/is/infosec/iso
Campus CIOs: https://umsystem.edu/ums/is/cio

ŷ���ڱ���Ƶ Collected Rules & Regulations 110.005: https://umsystem.edu/ums/rules/collected_rules/facilities/ch110/110.005_acceptable_use_policy
 

History

Formerly Business Policy Manual 1203 – Information Security (4/16/2008)

Procedure

UM Information Security: https://umsystem.edu/ums/is/infosec/
Roles & Responsibilities: https://umsystem.edu/ums/is/infosec/admin/