Educause Security Discussion mailing list archives
Security and Privacy Governance
From: Chris Kidd <chris.kidd () UTAH EDU>
Date: Tue, 23 Aug 2011 17:53:02 -0600
Colleagues: We're in the process of evaluating the governance of our information security and privacy program. I'm hoping that we're not unique in the sense that we have a centrally managed program for our entire campus, which includes our academic medical center (collaboration and data flow have necessitated this alignment). In terms of scope - the security program is focused on the traditional C.I.A. pyramid while privacy links at confidentiality but also encompasses an individual's right to access, amend/correct, control access to, copy/review, etc. information about them. If you're willing to share, I'd like to better understand how other programs are structured. I'm particularly interested in understanding the configuration of advisory and oversight committees in the context of the larger IT (or other) governance framework and how this ultimately interacts with operational areas. I also wonder how many organizations have aligned their programs with data governance and/or data stewards and how effective that has been. What has worked best for you? Thanks in advance. Chris Chris Kidd Chief Information Security and Privacy Officer University of Utah Health Care University of Utah 650 Komas Drive, Suite 102 Salt Lake City, UT 84108 Office: 801.585.7483 Cell: 801.747.9028 chris.kidd () utah edu http://www.secureit.utah.edu
Current thread:
- Security and Privacy Governance Chris Kidd (Aug 23)
- Re: Security and Privacy Governance Davis, Thomas R (Aug 24)