Information Security Advisory Board

The Information Security Advisory Board is authorized by the IT Steering Committee of the University of Idaho (U of I) to provide advice and recommendations in support of the Information Security Program. The goal of this board is to ensure that protection of the confidentiality, integrity, and availability of information assets across the university is in alignment with regulatory and contractual requirements, industry standards, and best practices. The work of this board supports a cost-effective, transparent, strategic, and compliant approach to managing technology risk and prioritizing changes, initiatives, and investments for the Information Security Program in support of the institution’s mission and priorities. As the board co-chair, the Chief Information Security Officer (CISO) has primary responsibility for reaching consensus, reporting, and coordinating board recommendations.

Definition of Information Security*

Information security is protecting information, information systems and IT infrastructure from unauthorized access, use, disclosure, disruption, modification, or destruction to provide integrity, confidentiality, and availability. Information security spans and is an integral part of administrative, academic and research technology in higher education.

* Based on the NIST Computer Security Resource Center definition of INFOSEC found at https://csrc.nist.gov/glossary/term/INFOSEC

 

Board Composition and Term

  • This board will consist of a cross-functional representation of stakeholders with authority to make decisions or subject matter expertise.
  • Generally, members are selected to represent technology stewards, service stakeholders, Faculty Senate IT Committee, and the student body.  
  • Membership may be permanent or rotating for 1- to 3-year terms based on the position of each member. The membership terms for the various members will be determined after the board has been in operation for one year.
  • Some members are appointed as ex-officio.
  • Members are appointed to committees based on recommendations from the existing members of the IT Steering Committee and other University leadership as appropriate. 
  • The board will annually review membership, addressing attendance gaps or participation gaps from changing member commitments. The board will attempt to stagger terms for rotating members where possible.

Board Membership

  • Co-Chair – Chief Information Security Officer
  • Co-Chair - [one of the positions chosen below]
  • Director of Financial Aid
  • Director of Human Resources (HIPAA Privacy Officer)
  • Director of Research Computing
  • Representative of OSBE Risk Management
  • Representative of OSBE Internal Audit
  • Representative of General Counsel
  • Representative of Data Governance Steering Committee
  • Representative of Office of Sponsored Programs 
  • Representative of Faculty Information Technology Committee
  • Representative of ASUI
  • Ad Hoc - Subject matter experts on compliance, cybersecurity

The full Charter including Member and Co-chair responsibilities is available for review and is attached to this article.

Details

Article ID: 3011
Created: Thu 5/9/24 11:58 AM
Modified: Fri 5/10/24 2:28 PM