Information Security Governance
Governance Committee Formation and Relevance
The best way to strengthen information security is to create a framework for IT governance. Effective security governance is managed as an organizational-wide issue that is planned, managed and measured in all areas throughout the organization. In IT Governance, leaders are accountable for and are committed to providing adequate resources to information security. Our goal is creating and following a core set of principles to guide the framework for information security governance.
From USG IT Handbook Audit Expectation:
18.104.22.168 - Through interviews and process review, evaluate the adequacy and completeness of the information security plan and the information security governance structure within the context of the institution's strategic priorities and goals.
Though the governance process is still evolving, we are anticipating the parties that participate in the decision making process will include the following Information Security Governance Committee:
- Chief Information Officer (CIO) - Abraham George - The CIO is responsible for the overall management, direction and security of the University's information assets
- Chief Information Security Officer (CISO) – Dee Spivey - The CISO has delegated authority and is responsible for planning, developing and deploying the University's Security Program
- Human Resources Director - Laurie Jones
- Director of Enterprise Risk Management – Richard Barrow
- Internal Auditor – Michael Johnson
- Director of Enterprise Software Services UITS – Valerie Alexander Spicer
- Senior Manager of Infrastructure and Database Services UITS – Casey Hergett
- Criminal Justice & Sociology – Dr. Dorinda Dowis
- TSYS School of Computer Science – Dr. Wayne Summers