|
Information Security Advisory Structure
The UB Enterprise Information Security Charter, endorsed by UB leadership,, presents the framework for information security within the University. It identifies the motivation for information security, describes information security principles and terms, and defines the scope of information security policies and responsibilities of the various security functions.
Three groups provide advice to the UB Information Security Officer: the Information Security Risk and Policy Advisory Group (ISRP), the Information Security Data Custodians Council (ISDCC), and the Information Security Technology Advisory Council (ISTAC).
Information Security Risk and Policy Advisory Group (ISRP)
- Ms. Nancy Kielar, representing the CIO organization
- Mr. Jim Jarvis, Human Resources
- Dr. Charles Kaars, representing the VP for Research (tentative)
- Dr. Terri Mangione, Student Records
- Mr. Brian Murphy, representing Vice President for Health Sciences and HIPAA compliance
- Mr. Jim Nadbrzuch, representing the Vice President for Student Affairs
- Dr. Nils Olsen, Dean of the Law School
- Dr. Shambhu J. Upadhyaya, Computer Science and Engineering, Center of Excellence in Information Systems Assurance Research and Education
- Dr. Hejamadi R. Rao – The School of Management, Center of Excellence in Information Systems Assurance Research and Education
- Ms. Donna Scuto, representing the Policy Office and AVP/Controller
- Ms. Karen Senglaup, representing the AVP for University Libraries
- Ms. Kathy Stuber, representing Development/Advancement
- Ms. Cheryl Taplin, representing Student Academic Records and Finance
- Mr. Mark Molnar, representing the Provost’s Office
- Mr. Gary Walters, representing Internal Audit
Meeting Schedule: The ISRP will have quarterly meetings in addition to ad-hoc sessions as needed.
Role: The role of the ISRP will include but not be limited to:
- Advise on UB IT strategic and programmatic direction for Information Security matters
- Review and recommend IT Security policies, standards, initiatives and guidelines
- Review, prioritize, and make recommendations regarding IT Security projects
- Align IT Security strategies with University goals and priorities
- Champion the outcomes
ISRP Members Web Site (Login by Members Required)
Information Security Technology Advisory Council (ISTAC)
Purpose/Mission:
The Information Security Technology Advisory Council's (ISTAC) role is to provide communication, coordination, technology guidance and advice on the full range of Information Security Technology directions, plans, and needs which are vital to protecting and sustaining UB’s mission. ISTAC's scope covers UB's Information Security Technology at all levels and across the entire University. ISTAC also provides input to the ISRP on Security Technology issues and projects. ISTAC is advisory to the Information Security Officer.
Chair: Information Security Officer or designee
Membership:
Membership is appointed by agreement of the Information Security Officer and the Chief Information Officer and will be reviewed every two years. Membership includes:
- Mr. Joseph Mantione, Provost’s Office
- Ms. Carol Lazurus, Internal Audit
- Mr. Dave Yearke, School of Engineering and Applied Sciences
- Ms. Kathy Stuber, representing Development/Advancement
- Mr. Mark Ferguson, help/service desk
- Mr. Dave Costello, School of Management
- Mr. Ken Smith, Computer Science and Engineering
- Ms. Saira Hasnain (or designee), CIT Technical Services
- Ms. Amy Dimatteo, University Libraries
- Mr. Joseph Kerr, UB Business - VP/Controller
- Mr. Wes Young, Central IT OSS
- Mr. Rob Wright, Administrative Computing Services
Meeting Schedule: The ISTAC will meet quarterly in addition to ad-hoc sessions as needed.
Role: The role of the ISTAC will include but not be limited to:
- Advise on UB IT Security Technology direction
- Review and recommend IT policies, standards, initiatives and guidelines to the ISRP
- Review, prioritize, and make recommendations to the ISRP regarding IT Security projects
- Align IT Security Technology plans with University goals and priorities
- Champion the outcomes
ISTAC Members Web Site (Login by Members Required)
top
Information Security Data Custodians Council (ISDCC)
Purpose/Mission:
Information Security Data Custodians Council (ISDCC) role is to provide communication, guidance and advice on the full range of Information Security Data Management directions, plans, and needs vital to protecting and sustaining UB’s mission. ISDCC scope covers UB’s Data Management at all levels and across the entire University. ISDCC also provides input to the ISRP on data access and Security issues and projects. ISDCC is advisory to the Information Security Officer.
Chair: Information Security Officer or designee
Membership:
Membership is appointed by agreement of the Information Security Officer and the Chief Information Officer and will be reviewed every two years. Membership includes:
- Terry Bell, Inventory Services
- Laurie Bragg (Undergraduate data only with the exception of international graduates)
- Kelly Cruttenden, Athletics
- Katharine Darling, Graduate School (GRE and TOEFL)
- Davina Desnoes, State Financials
- Jeff Dutton, CASA
- Cindy Mack, Student Financials
- Jeff Murphy, Security Office
- Pamela Ruday, eFACT (Financial Aid Compliance Tool)
- Kathy Medved, AP Credit/Student (includes ISIS Official Enrollment data)
- Jim Jarvis, Research Foundation/State Employee- Personnel
- Ed Schneider, UB Foundation Financial
- Kathy Stuber, Development/Advancement
Meeting Schedule: The ISDCC will meet quarterly in addition to ad-hoc sessions as needed.
Role: The role of the ISDCC will include but not be limited to:
- Advise on UB IS Data Management direction and issues
- Review and recommend policies, standards, initiatives and guidelines to the ISRP
- Review, prioritize, and make recommendations regarding IT projects affecting Data Management
- Align Information Security Data Management strategies with University goals and priorities
- Champion the outcomes
ISDCC Members Web Site (Login by Members Required)
top
| |
Hold your next meeting via web or
video conferencing