SUNY at Buffalo logo
Office of the CIO
CIO
Vision/Mission
Governance/Committees
IT Policies
IT Strategic Planning
IT Security
Initiatives/Projects
mUB-Mobile Computing
Green Computing
Events
IT Organizations
Newsletter
IT Partnerships
Resources
Affiliations
UB Home
 
 

University at Buffalo
Office of the Associate Vice President for Information Technology and Chief Information Officer
517 Capen Hall
Buffalo, New York 14260-1600
Tel (716) 645-7979
Questions and comments about the CIO Web site should be sent to:
it-web@buffalo.edu

Privacy
 Accessibility Statement
Last updated: 11/05/2007
Copyright © 2006-08
All Rights Reserved

 
Baird Point North Campus
Students collaborating at laptop
Students using a new learning space
 
   
ibelieve
In the News ...

Fall 2008

Ten ways to protect your identity on campus (SANS Newsletter)

UBlearns Newsletter
Info on Blackboard Upgrade to Version 8.0

The new UB Video on Demand service (UBVOD) uses a dedicated media server to stream high resolution videos on-campus over the UB network.

Learn about other new UB IT services for Fall!

Info Security: Everyone's Responsibility - Learn more about protecting personal and sensitive data

Phishing Emails: Spammers send out millions of phishing emails trying to trick people into sending them their passwords, bank card account numbers, and other personal info. UB and other reputable organizations will never ask for your password or other personal info via email or over the phone.

 

ISRP I ISTAC I ISDCC

Information Security Advisory Structure

The UB Enterprise Information Security Charter, endorsed by UB leadership,, presents the framework for information security within the University. It identifies the motivation for information security, describes information security principles and terms, and defines the scope of infromation security policies and responsibilities of the various security functions.

Three groups provide advice to the UB Information Security Officer: the Information Security Risk and Policy Advisory Group (ISRP), the Information Security Data Custodians Council (ISDCC), and the Information Security Technology Advisory Council (ISTAC).


Information Security Advisory Structure Chart

Information Security Risk and Policy Advisory Group (ISRP)

  • Ms. Nancy Kielar, representing the CIO organization
  • Mr. Jim Jarvis, Human Resources
  • Dr. Charles Kaars, representing the VP for Research (tentative)
  • Dr. Terri Mangione, Student Records
  • Mr. Brian Murphy, representing Vice President for Health Sciences and HIPAA compliance
  • Mr. Jim Nadbrzuch, representing the Vice President for Student Affairs
  • Dr. Nils Olsen, Dean of the Law School
  • Dr. Shambhu J. Upadhyaya, Computer Science and Engineering, Center of Excellence in Information Systems Assurance Research and Education
  • Dr. Hejamadi R. Rao – The School of Management, Center of Excellence in Information Systems Assurance Research and Education
  • Ms. Donna Scuto, representing the Policy Office and AVP/Controller
  • Ms. Karen Senglaup, representing the AVP for University Libraries
  • Ms. Kathy Stuber, representing Development/Advancement
  • Ms. Cheryl Taplin, representing Student Academic Records and Finance
  • Mr. Mark Molnar, representing the Provost’s Office
  • Mr. Gary Walters, representing Internal Audit

Meeting Schedule: The ISRP will have quarterly meetings in addition to ad-hoc sessions as needed.

Role: The role of the ISRP will include but not be limited to:

  • Advise on UB IT strategic and programmatic direction for Information Security matters
  • Review and recommend IT Security policies, standards, initiatives and guidelines
  • Review, prioritize, and make recommendations regarding IT Security projects
  • Align IT Security strategies with University goals and priorities
  • Champion the outcomes
ISRP Members Web Site (Login by Members Required)

Information Security Technology Advisory Council (ISTAC)

Purpose/Mission:

The Information Security Technology Advisory Council's (ISTAC) role is to provide communication, coordination, technology guidance and advice on the full range of Information Security Technology directions, plans, and needs which are vital to protecting and sustaining UB’s mission. ISTAC's scope covers UB's Information Security Technology at all levels and across the entire University. ISTAC also provides input to the ISRP on Security Technology issues and projects. ISTAC is advisory to the Information Security Officer.

Chair: Information Security Officer or designee

Membership:

Membership is appointed by agreement of the Information Security Officer and the Chief Information Officer and will be reviewed every two years. Membership includes:

  • Mr. Joseph Mantione, Provost’s Office
  • Ms. Carol Lazurus, Internal Audit
  • Mr. Dave Yearke, School of Engineering and Applied Sciences
  • Ms. Kathy Stuber, representing Development/Advancement
  • Mr. Mark Ferguson, help/service desk
  • Mr. Dave Costello, School of Management
  • Mr. Ken Smith, Computer Science and Engineering
  • Mr. Alex Dzadur, Law School
  • Ms. Saira Hasnian (or designee), CIT Technical Services
  • Ms. Amy Dimatteo, University Libraries
  • Mr. Joseph Kerr, UB Business - VP/Controller
  • Mr. Wes Young, Central IT OSS
  • Mr. Rob Wright, Administrative Computing Services

Meeting Schedule: The ISTAC will meet quarterly in addition to ad-hoc sessions as needed.

Role: The role of the ISTAC will include but not be limited to:

  • Advise on UB IT Security Technology direction
  • Review and recommend IT policies, standards, initiatives and guidelines to the ISRP
  • Review, prioritize, and make recommendations to the ISRP regarding IT Security projects
  • Align IT Security Technology plans with University goals and priorities
  • Champion the outcomes
ISTAC Members Web Site (Login by Members Required)

top

Information Security Data Custodians Council (ISDCC)

Purpose/Mission:

Information Security Data Custodians Council (ISDCC) role is to provide communication, guidance and advice on the full range of Information Security Data Management directions, plans, and needs vital to protecting and sustaining UB’s mission. ISDCC scope covers UB’s Data Management at all levels and across the entire University. ISDCC also provides input to the ISRP on data access and Security issues and projects. ISDCC is advisory to the Information Security Officer.

Chair: Information Security Officer or designee

Membership:

Membership is appointed by agreement of the Information Security Officer and the Chief Information Officer and will be reviewed every two years. Membership includes:

  • Terry Bell, Inventory Services
  • Laurie Bragg (Undergraduate data only with the exception of international graduates)
  • Kelly Cruttenden, Athletics
  • Katharine Darling, Graduate School (GRE and TOEFL)
  • Davina Desnoes, State Financials
  • Jeff Dutton, CASA
  • Cindy Mack, Student Financials
  • Jeff Murphy, Security Office
  • Pamela Ruday, eFACT (Financial Aid Compliance Tool)
  • William Sabio, AP Credit/Student (includes ISIS Official Enrollment data)
  • Jim Jarvis, Research Foundation/State Employee- Personnel
  • Ed Schneider, UB Foundation Financial
  • Kathy Stuber, Development/Advancement

Meeting Schedule: The ISDCC will meet quarterly in addition to ad-hoc sessions as needed.

Role: The role of the ISDCC will include but not be limited to:

  • Advise on UB IS Data Management direction and issues
  • Review and recommend policies, standards, initiatives and guidelines to the ISRP
  • Review, prioritize, and make recommendations regarding IT projects affecting Data Management
  • Align Information Security Data Management strategies with University goals and priorities
  • Champion the outcomes
ISDCC Members Web Site (Login by Members Required)

top