Information Security
The mission of the Information Security Team (IST) is to ensure the confidentiality, integrity, and availability of information systems, identities, and data assets by offering proactive security expertise, maintaining a secure and resilient infrastructure, and promoting a culture of security awareness and compliance across the organization.
The most important core functions are highlighted below:
Policy Management
- The Information Security Team (IST) provides direction for college information security policies and practices to protect critical resources and services and aid campus units with department security goals and compliance requirements. The IST creates security policies and standards for approval by college leadership and evaluates existing and emerging security-related laws, regulations, and policies for compliance goals.
Awareness and Education
- The Information Security Team is responsible for delivering relevant information security knowledge to defined, targeted audiences throughout Trinity to raise awareness of risks and influence behavior to minimize the likelihood of those risks. The methods used to create this awareness include computer-based learning modules, departmental and one-on-one educational opportunities, webinars, and videos.
Vulnerability Management:
- The IST identifies, assesses, and tracks the resolution of security weaknesses throughout the institution. The responsibility for remediating vulnerabilities rests with the Trinity Infrastructure and Applications units. The vulnerability assessment process is a function of regular vulnerability scanning, penetration testing, Security Incident Event Management (SIEM) log analysis, risk assessments, and targeted IT security assurance audits.
Risk Assessment & Management
- The Information Security Team is responsible for conducting security reviews and risk assessments of IT-related purchases, projects, vendors, and contracts. Information Security works within the procurement approval cycle to assess and approve exceptions to Trinity-supported products and services. The primary instrument used to initiate these security reviews is the IT Security Questionnaire (link coming soon). The IST also coordinates risk assessments involving some aspects of the IT environment, including year-end financial audits and incident-specific third-party security investigations and consulting engagements as needed.
Regulatory Compliance:
- The Information Security Team works closely with various operating units at Trinity to meet their regulatory compliance and attestation obligations related to FERPA, GLBA, PCI DSS, and HIPAA. Information Security collaborates with departments in developing system security plans and monitors adherence to established policies and procedures.
Incident Response:
- The Information Security Director oversees Trinity's Information Security Incident Response program and orchestrates each incident response and post-incident review. When an incident is detected, the IST identifies the appropriate incident handler(s) and coordinates the resources needed, whether external or internal, to respond to the threat. The Information Security Team guides each incident response from a best-practice perspective. It ensures post-incident reviews are conducted to examine and determine root causes and the quality of the response and to confirm whether remedial action is necessary. Regarding the overall incident response program, the Information Security Team coordinates incident response training to develop the appropriate skill sets throughout all the Trinity disciplines to respond to various threats as they arise. The responsibility for remediating vulnerabilities rests with the Trinity Infrastructure and Applications units.
Business Continuity and Disaster Recovery Management:
- The Information Security Team ensures that all BC/DR plans are documented and periodically tested. During these tests, the Information Security Team monitors all failures and ensures they are remediated, and any deficiencies are formally and promptly addressed. Information Security is also responsible for regularly updating the Business Impact Analysis report that ranks the criticality of all Trinity applications and services along with an RPO (recovery point objective) and RTO (recovery time objective). In the case of an actual declaration, responsibility for executing the BC/DR plan(s) belongs to the respective operating units within 床位数 and the institution.