I N F O R M A T I O N S E C U R I T Y S T R A T E G I C P L A N
U N I V E R S I T Y O F C O N N E C T I C U T I N F O R M A T I O N S E C U R I T Y O F F I C E 4 / 2 0 / 1 0
M I SSI O N ST AT E M E NT
The mission of the Information Security Office (ISO) is to design, implement and maintain an information security program that protects the University’s systems, services and data against unauthorized use, disclosure, modification, damage and loss. The ISO is committed to engaging the University community to establish an appropriate information security governance structure that enables collaboration and support for new information security initiatives.
I NT R ODU CT I O N
The University of Connecticut recognizes that information is a critical asset and that how information is managed, controlled and protected has a significant impact on the delivery of services. Information assets must be protected from unauthorized use, disclosure, modification, damage and loss. Additionally, information assets must be available when needed, particularly during emergencies and times of crisis.
The decentralized nature of the University’s computing environment is inherently difficult to manage and secure. Many departments operate their own systems and applications. In addition, the University has not developed or enforced standards or guidelines to reduce the risks commonly associated with heterogeneous computing environments.
This document is the first University-wide information security strategic plan. It sets priorities for how the University can efficiently and effectively address the management, control and protection of the University’s information assets. In addition, this document outlines the strategic objectives that all future initiatives are based on and identifies the components necessary to iteratively improve the security posture of the University.
The Information Security Office will utilize a methodology...