Re: Security and Privacy Governance

["Davis, Thomas R" <tdavis () IU EDU>]

Hi Chris,

The governance of Indiana University's ISPP is outlined here:

  https://protect.iu.edu/privacy/program/governance

-- 
Tom Davis, CISSP, CISM
Chief Security Officer
Public Safety and Institutional Assurance
Indiana University
https://protect.iu.edu/tdavis
 

On Aug 23, 2011, at 7:53 PM, Chris Kidd wrote:

> Colleagues:
>  
> We’re in the process of evaluating the governance of our information security and privacy program. I’m hoping that 
> we’re not unique in the sense that we have a centrally managed program for our entire campus, which includes our 
> academic medical center (collaboration and data flow have necessitated this alignment). In terms of scope – the 
> security program is focused on the traditional C.I.A. pyramid while privacy links at confidentiality but also 
> encompasses an individual’s right to access, amend/correct, control access to, copy/review, etc. information about 
> them.
>  
> If you’re willing to share, I’d like to better understand how other programs are structured. I’m particularly 
> interested in understanding the configuration of advisory and oversight committees in the context of the larger IT 
> (or other) governance framework and how this ultimately interacts with operational areas. I also wonder how many 
> organizations have aligned their programs with data governance and/or data stewards and how effective that has been.
>  
> What has worked best for you? Thanks in advance.
>  
> Chris
>  
> Chris Kidd
> Chief Information Security and Privacy Officer
> University of Utah Health Care
> University of Utah
> 650 Komas Drive, Suite 102
> Salt Lake City, UT 84108
> Office: 801.585.7483
> Cell: 801.747.9028
> chris.kidd () utah edu
>  
> http://www.secureit.utah.edu
>