Responsible for ensuring the development and adoption of the Information Security Plan. Assign responsibility of Information Security Officer and Information Security Architect. Identify and make strategic decisions on information risk and risk acceptance.
Designated by the CIO, responsible for building, maintaining, and educating the campus on the Information Security Plan. Facilitate Plan compliance through collaborative relationships with academic and administrative officials, consistent with campus governance structure and policy compliance strategies.
Designated by the CIO, responsible for architecting and implementing technical controls based on the Information Security Plan, best practices, and collaborative business analysis.
A person assigned responsibility for coordinating information security in a UCI division or school. This includes maintaining an inventory of computing systems containing protected data, participating in campus-wide information security coordination activities, and facilitating security in the division or school.
Information Security Coordinator List
Data Proprietor (Administrative official)
A person who has responsibility for oversight of data or computing systems with access to protected data and with primary responsibility for determining the purpose and function of any data resource; often the chief administrative official of the Office of Record for the data resource.
The individual designated responsibility for the information and the processes supporting a specific University function. Resource Proprietors are responsible for ensuring compliance with federal or state statutory regulation or University policy regarding the release of information according to procedures established by the University, the campus, or the department, as applicable to the situation. Responsibilities of Resource Proprietors may include, for example: specifying the uses for a departmentally-owned server; establishing the functional requirements during development of a new application or maintenance to an existing application; and determining which individuals may have access to an application or to data accessible via an application. All Electronic Information Resources are University resources, and Resource Proprietors are responsible for ensuring that these Resources are used in ways consistent with the mission of the University as a whole. This is usually a senior manager or administrator within a unit.
Data Custodian: A technical partner (individuals with administrative responsibility for campus organizational units (e.g., control unit heads, deans, department chairs, principal investigators, directors, or managers) or individuals having functional ownership of data).
- identify the electronic information resources within areas under their control
- define the purpose and function of the resources and ensure that requisite education and documentation are provided to the campus as needed
- establish acceptable levels of security risk for resources by assessing factors such as:
  - how sensitive the data is, such as research data or information protected by law or policy,
  - the level of criticality or overall importance to the continuing operation of the campus as a whole, individual departments, research projects, or other essential activities
  - how negatively the operations of one or more units would be affected by unavailability or reduced availability of the resources
  - how likely it is that a resource could be used as a platform for inappropriate acts towards other entities
  - limits of available technology, programmatic needs, cost, and staff support
- ensure compliance with relevant provisions of the UCI Information Security Plan
- ensure that requisite security measures are implemented for the resources
Data Custodian (Technical staff)
A technical partner (individuals who design, manage, and operate campus electronic information resources, e.g., IT directors, project managers, system designers, application programmers, or system administrators) of the Data Proprietor who is responsible for the implementation of data systems and the technical management of data resources, as directed by the Data Proprietor.
The authorized University personnel who have physical or logical control over a specific Electronic Information Resource. This includes, for example, central campus information technology departments with maintenance responsibility for an application; departmental system administrators of a local area network; and database administrators for campus-wide or departmental databases. This role provides a service to a Resource Proprietor. This is usually an IT manager or liaison.
- become knowledgeable regarding relevant security requirements and guidelines
- analyze potential threats and the feasibility of various security measures in order to provide recommendations to the Data Proprietor
- implement security measures that mitigate threats, consistent with the level of acceptable risk established by administrative officials
- establish procedures to ensure that privileged accounts are kept to a minimum and that privileged users comply with privileged access agreements
- establish procedures to implement relevant provisions of the UCI Information Security Plan
- communicate the purpose and appropriate use for the resources under their control