Main Content Region

Security

Departmental logo stating California State University San Bernardino Information Security and Compliance

 

Information Security and Compliance

The Information Security and Compliance department shares the mission and core values of the Information Technology Services group by promoting the privacy, confidentiality, integrity and availability of university information resources.

ISC works with the campus community in the adoption and implementation of the CSU and CSUSB Information Security Policies and Standards.

ISC works to:

  • Develop appropriate processes, procedures, and policies required for the protection of university information
  • Identify risks to the security of information and systems. Mitigate these risks to levels acceptable to the campus
  • Define security requirements, establish baselines and measure compliance, based on applicable laws, regulations, and best practices
  • Consult with campus users and departments to investigate security issues and evaluate products and processes
  • Collaborate with Information Resources administrators and technical staff to develop the campus information security strategy and architecture
  • Ensure incident response and disaster recovery plans are developed and implemented
  • Respond to and recover from disruptive and destructive information security events
  • Increase campus awareness of information security through training and communication

Governance

ISC is a member of the IT Governance Subcommittee which develops information security policies, standards and procedures for the protection of university information assets in response to changes in the technology and information landscape.

Compliance

ISC collects and monitors metrics, and encourages application of benchmarks to assess compliance with various policies and standards for information resources

Incident Response

ISC establishes guidelines for the handling of information security related incidents. IT procedures and business practices involve ISC for the phases of incident response including: prevention, preparation, detection, containment, recovery, digital investigation (forensics), and reporting of lessons learned.

Preventive

Awareness and Training

ISC coordinates a program to increase information security awareness.

ISC brokers training to improve the information security & technical capabilities of campus IT personnel.

Business Continuity

ISC educates and tests units on continuity/disaster recovery issues.

Cyber Intelligence & Security Organization (CISO) Club

Cyber Intelligence & Security Organization (CISO) club

 

ISC partners with CSUSB's Cyber Intelligence & Security Organization (CISO) Club in awareness activities for students.  For more information about the CISO Club go to the CISO Club web page or check out their Facebook page