Charter of University Information Security Services
The University of Minnesota (UMN) values the use of information technology in supporting the mission of the University. The University is committed to preserving the confidentiality, integrity, and availability of information regardless of the form it takes—electronic or non-electronic. Improper use of information resources may result in harm to the University and its mission of teaching, research, and outreach. University information, whether managed and residing on UMN resources or held in trust and managed by a third party or business partner, is an important asset that must be protected. Any person or organization that uses or holds in trust these assets has a responsibility to maintain and safeguard them.
Mission & Objectives
The mission of University Information Security is to support the goals of the University by safeguarding UMN information and assets from unauthorized disclosure, use, modification, or loss. It is one of University Information Security’s primary objectives to develop proactive technical and non-technical measures to help identify and prevent security risks and provide effective response in cases where those measures fail.
The Chief Information Officer (CIO), as a system officer, has delegated operational responsibility to University Information Security for information security on all campuses of the University for information technology assets belonging to the University. IT Professionals and staff throughout the University are partners in helping assure the confidentiality, integrity, and availability of University information.
To safeguard University information resources, University Information Security has delegated operational responsibility to remove electronic devices from the network and, as appropriate, retrieve equipment and data as part of an investigation. University Information Security will seek to minimize the negative impact on operations to the extent possible while fulfilling its responsibilities. University Information Security will work closely with the Office of the General Counsel as necessary to help protect the privacy of members of the University community when fulfilling its responsibilities.
Roles & Responsibilities
Chief Information Officer responsibilities:
- Identify and delegate responsibility for information security
- Approve technical security policies/standards/guidelines
- Report periodically to senior administration and the Regents
University Information Security responsibilities include:
- Protecting the University network, systems, and data
- Coordinating with designated campus, collegiate, or unit technical and security staff to ensure the confidentiality, integrity, and availability of University systems and ensure that appropriate and timely action is taken
- Investigating reported and discovered security incidents
- Presenting information to the Security Advisory Committee and CIO
- Receiving reports of security incidents and coordinating investigation as necessary
- Determining risk reduction and mitigation steps necessary to protect University assets
- Coordinating with the unit administrative and technical/security staff to assure that appropriate diagnostic, protective, remedial, and other actions are taken as necessary to protect University resources
- Coordinating with the appropriate University offices (compliance, legal, human resources, and student conduct) as well as external organizations as necessary
- Reporting security-related metrics and results periodically
- Coordinating compliance activities for various regulations, laws, and contractual commitments
- Proposing security policies, standards, guidelines, and procedures to the CIO
- Receiving and processing legal notices from copyright holders and the legal system with the advice of the Office of the General Counsel
- Coordinating with law enforcement and with the Office of the General Counsel
Collegiate and unit responsibilities:
- Protect the collegiate or unit systems and data
- Implement security controls
- Cooperate with University Information Security in investigating security incidents
- Refer all requests from law enforcement or the legal system to the Office of the General Counsel or University Information Security
- Keep University Information Security informed with up-to-date contact information for technical staff
- Attend comp-sec, net-people, and other campus meetings for technical staff to maintain up-to-date knowledge of the University computing environment
- Report security incidents to University Information Security
- Implement security controls and protections
A list of IT-related policies with links is available at the University Policy Library.