An information security program (ISP) is designed to protect information resources from a wide range of threats, ensure business continuity, and minimize business risk to Lindenwood University and members of the Lindenwood community. Information resource security is achieved by implementing applicable policies, processes, procedures, controls, standards, guidelines, organizational structures, and supporting technology. The information security program (ISP) governs the confidentiality, integrity, and availability of 51¸£ÀûÉç data, especially highly sensitive or critical data, and defines the responsibilities of departments and individuals for such data.
This information security program applies to any person granted access to Lindenwood University information resources, including but not limited to students, faculty, staff, alumni, temporary employees, contractors, volunteers, friends of 51¸£ÀûÉç, and guests who have access to 51¸£ÀûÉç information resources. Such technology resources include but are not limited to data, images, text, recordings, and software which are stored on hardware or other digital storage media both on-campus and at outsourced locations.
The following foundational elements are designed to create a framework for the information security program (ISP), help 51¸£ÀûÉç adopt a control catalog, and comply with best practices in Information Security.
Vice President/Chief Information Officer (CIO): 51¸£ÀûÉç’s Chief Information Security Officer is responsible for overseeing the organization’s technology infrastructure and ensuring that it aligns with the business goals and objectives. The CIO will periodically present an update on the status of the ISP to the executive officers and the Board of Trustees.
Assistant Vice President for Information Technology (AVPIT): The AVPIT of 51¸£ÀûÉç is responsible for managing the day-to-day operations of the university’s IT systems. This includes ensuring that the ISP is properly implemented and maintained.
IT Governance Committee: Works in conjunction with the CIO and AVPIT to review and recommend university policies regarding information security.
Access Controls: The process of controlling access to systems, networks and information based on business and security requirements of the user’s role within 51¸£ÀûÉç.
Risk Tolerance: 51¸£ÀûÉç’s willingness to accept risk by either accepting, transferring, or mitigating risk exposures.
Information Security Incident: An event that impacts or has the potential to impact the confidentiality, availability, or integrity of 51¸£ÀûÉç's information resources.