Security and Policy Committee

Mission Statement

Information is integral to Case Western Reserve University and is a crucial asset for the University.  Case is committed to ensuring the integrity, reliability, availability, and confidentiality of its data and computer systems.  To maintain this standard of excellence, Case considers information security to be of paramount importance and an essential cornerstone of its operations.

Charge

Information is integral to Case Western Reserve University and is a critical asset for the University.  Case is committed to ensuring the confidentiality, availability, and integrity of its data and underlying IT support systems.  To maintain this standard of excellence, Case considers information security to be of paramount importance and an essential cornerstone of its operations.

To this end, the Executive Technology Steering Committee and the Vice President for Information Technology Services have empowered the Security and Policy Committee to evaluate, establish, maintain and ensure compliance with control measures to protect the University's information resources from unauthorized or accidental modification, destruction or disclosure.  The Security and Policy Committee will advise the Executive Steering Committee, ITSPAC and the Vice President for Information Technology Services - Chief Information Officer of the University on standards, policies and practices related to security, security risk management, and compliance with rules and regulations used in support of campus-wide, business-unit, and school-based information security policies and procedures.

Specifically, areas of focus include:

  • Fostering a collaborative approach to information security efforts across academic units, administrative units, and information technology services departments to mitigate risks through various technical and/or policy initiatives.
  • Developing security policies, standards, guidelines and procedures and other elements of an infrastructure to support information security.
  • Architecting control measures to improve information security (including evaluating and selecting products and services).
  • Assisting in the development of usage scenarios and testing application systems for abnormalities or exposures.
  • Developing, presenting and managing the dissemination of information security awareness and training materials.
  • Providing consulting oversight on implementation of information security controls (e.g. encryption system deployment, secure telecommunications and secure application system development procedures).
  • Serving as liaison and forum between the various groups dealing with information security matters (e.g. with business units, legal, human resources and auditors).

Membership

Members of the Information Security Advisory Group are appointed by the Vice President for Information Technology Services/Chief Information Officer in consultation with the Executive Technology Steering Committee and the University’s Information Security Officer.  The Information Security Officer serves as the chair of the Advisory Group. Membership of the Advisory Group will include stakeholders from the Faculty Senate, schools, central administrative units, legal, compliance, and internal audit.

Members’ Responsibilities

The primary goal of the Information Security Advisory Group is to promote management practices that will ensure the confidentiality, integrity and availability of Case's information resources.  To achieve this goal, the Information Security Advisory Group will:

  • Support the establishment of, and compliance with, appropriate information security policy, standards, procedures and controls.
  • Promote good information security concepts and practices.
  • Maintain the confidentiality of all proprietary or otherwise sensitive information encountered in the course of professional activities.  The information shall not be used for personal benefit nor released to inappropriate parties.
  • Use due care to obtain and document sufficient factual material on which to base conclusions and recommendations.  Strive not to intentionally injure or impugn the professional reputation or practice of colleagues or clients.
  • Inform the appropriate parties of the results of investigation work performed.
  • Support the education of management, clients and the general public to enhance their understanding of auditing and information systems.
  • Perform professional responsibilities with due diligence and honesty in accordance with the law and the highest ethical principles.
  • Perform their duties in an independent and objective manner, and avoid activities which threaten, or may appear to threaten, their independence.

 

Term of Appointment

Members are appointed annually.

 
Membership


| NAME | DEPARTMENT | EMAIL |
|---|---|---|
| Angelina Herin | CAS/Faculty | angelina.herin@case.edu |
| Mark Herron | Information Security Office | mark.herron@case.edu |
| Tom Knab | Arts & Sciences | thomas.knab@case.edu |
| Lisa Palazzo | Compliance and Privacy | lisa.palazzo@case.edu |
| David Pilasky | School of Medicine | david.pilasky@case.edu |
| Peter Poulos | University General Counsel | peter.poulos@case.edu |
| Tim Robson | University Libraries | timothy.robson@case.edu |
| Tom Siu | Information Security/IT Services | thomas.siu@case.edu |
| Carolyn Washick | Human Resources | carolyn.washick@case.edu |
| Kathy Willson | Human Resources | kathryn.willson@case.edu |
| Josh Kendall | University Controller | josh.kendall@case.edu |
| Chuck Yoder | University Controller | chuck.yoder@case.edu |
| Anna Minc (ad hoc) | Internal Audit | aminc@deloitte.com |
| Xuan Gao | Faculty | xuan.gao@case.edu |

