Information is integral to Case Western Reserve University and is a crucial asset for the University. Case is committed to ensuring the integrity, reliability, availability, and confidentiality of its data and computer systems. To maintain this standard of excellence, Case considers information security to be of paramount importance and an essential cornerstone of its operations.
Information is integral to Case
Western Reserve University and is a critical asset for the University. Case is committed to ensuring the and confidentiality, availability, and integrity of its data and underlying IT support systems. To maintain this standard of
excellence, Case considers information security to be of paramount importance
and an essential cornerstone of its operations.
To this aim, the Executive Technology
Steering Committee and the Vice President for Information Technology Services
has empowered the Security and Policy Committee to evaluate, establish,
maintain and ensure compliance of control measures to protect the University's
information resources from unauthorized or accidental modification, destruction
or disclosure. The Security and Policy Committee will advise the Executive Steering Committee, ITSPAC
and the Vice President for Information Technology Services - Chief Information
Officer of the University on standards, policies and practices related to the
security, security risk management, and compliance of rules and regulations used in
support of campus-wide, business units, and school-based information security policies and
Specifically, areas of focus
a collaborative approach to information security efforts across academic units,
administrative units, and information technology services departments to
mitigate risks through various technical and/or policy initiatives.
- Developing security policies, standards, guidelines
and procedures and other elements of an infrastructure to support information
- Architecting control measures to improve information
security (including evaluating and selecting products and services).
in the development of scenarios of usage, test for abnormalities or exposures of
- Developing, presenting and managing the
dissemination of information security awareness and training materials.
- Providing consulting oversight on implementation of
information security controls (e.g. encryption system deployment, secure
telecommunications and secure application system development procedures).
- Serving as liaison and forum between the various groups
dealing with information security matters (e.g. with business units, legal,
human resources and auditors).
Members of the Information Security Advisory Group are appointed by the
Vice President for Information Technology Services/ Chief Information Officers
in consultation with the Executive Technology Steering Committee and the
University’s Information Security Officer.
The Information Security Officer serves as the chair of the Advisory
of the Advisory Group will include stakeholders from the Faculty Senate, schools, central
administrative units, legal, compliance, and internal audit.
The primary goal of the
Information Security Advisory Group is to promote management practices that
will ensure the confidentiality, integrity and availability of Case's
information resources. To achieve this
goal, the Information Security Advisory Group will:
- Support the establishment and compliance of
appropriate information security policy, standards, procedures and controls for
- Promote good information security concepts and
- Maintain the confidentiality of all proprietary or
otherwise sensitive information encountered in the course of professional activities. The information shall not be used for the
personal benefit nor released to inappropriate parties.
- Use due care to obtain and document sufficient
factual material on which to base conclusions and recommendations. Strive not to intentionally injure or impugn the
professional reputation or practice of colleagues or clients.
- Inform the appropriate parties of the results of
investigation work performed.
- Support the education of management, clients and the
general public to enhance their understanding of auditing and information
- Perform professional responsibilities with due
diligence and honesty in accordance with the law and the highest ethical
- Perform their duties in an independent and objective
manner, and shall avoid activities which threaten or may appear to threaten,
Members are appointed annually.