Information Security Administrator
Dear Faculty and Colleagues,
As you are aware, the Information Security Office (ISO) is tasked with protecting information resources. We can not do this alone, however, and value the partnership we have with faculty, staff, and students in creating a secure environment for learning. The ISO hopes to establish effective and secure processes and information systems and to promote information security as a core institutional value. As part of our Institution’s Information Security Program, we need to institute the Information Security Administrator (ISA) program in accordance to the UTS165 Standard 1 – Information Resources Security Responsibilities and Accountability.
This is an opportunity for departments and the ISO to work hand-in-hand to provide feedback, change and update processes, and understand risks we all face in our environment. In order for us to start the ISA program, it is imperative that an ISA is designated for each area in which data is stored.
What is an ISA?
This ISA is not required to be the embedded technical asset within your department, but that individual is usually a good choice due to previous information technology and information security knowledge. However, we will work with nominees of all levels to allow them to act as ISA's and understand their role and duties.
What are the ISA duties?
ISA duties include the following tasks:
- Implement and comply with all IT Policies and Procedures relating to assigned information systems
- Assist owners in performing annual information security risk assessments
- Report general computing and security incidents to the ISO
- Assist the ISO in developing, implementing, and monitoring the Information Security Program
- Assist the ISO in establishing reporting guidance, metrics, and timelines for the ISO to monitor effectiveness of security strategies
- Report at least annually to the ISO about the status and effectiveness of information resources security controls
Again, we look forward to the opportunity to work together to enhance our posture. Please do not hesitate to contact us with any questions regarding the ISA program or any other matters.
Sincerely,
The Information Security Office