Enterprise IT Security Accountability
Enterprise IT Security Accountability sits with the Vice President Administration, the AVP and Chief Technology Officer (CTO), the Director of Information Security Services (ISS) and her IT Security team.
McMaster BoG Audit and Risk Committee
Regular IT security updates include any incidents, monitoring, and changes at each meeting throughout the year.
IT Governance
The IT Security Roadmap and each initiative therein will be reviewed and endorsed through the IT Governance Standing Committees. Any new IT Security Roadmap initiatives will be reviewed and endorsed by the UT Executive and will be presented to the President and Vice Presidents, Deans, etc. Any new IT Security initiatives are to be presented to the McMaster BoG Audit and Risk Committee.
Information Security Governance
Objectives
To determine the appropriate IS Governance Approach and Structure for McMaster that:
- Define and reinforce clarity of intent, direction and responsibility for Information Security and its strategic alignment.
- Establish clear lines of authority and responsibility for delivery, reporting and escalation.
- Provide a platform for Institutional Oversight ensuring consideration of information security risk tolerance.
- Ensure independent oversight over the implementation and management of the security program and roadmap.
- Optimize Security Value Delivery.
Scope
Includes appropriate senior leadership at the level of the Institution that sets the risk appetite and tolerance for Information Security risk; separate from the existing IT Governance and Audit and Risk Committee oversight.
Deliverables
- Governance Approach and Structure Proposal.
- Stakeholder engagement.
- Governance Artifacts – charter or terms of reference, annual agenda plan.
- Implementation and Operationalization plan.