Information Security and Emerging Technologies
The Information Security and Emerging Technologies Office (ISET) shares the mission and core values of the Information Technology Services Division by promoting the privacy, confidentiality, integrity and availability of university information resources.
ISET works with the campus community in the adoption and implementation of the CSU and CSUSB Information Security Policies and Standards.
ISET works to:
- Develop appropriate processes, procedures, and policies required for the protection of university information
- Identify risks to the security of information and systems. Mitigate these risks to levels acceptable to the campus
- Define security requirements, establish baselines and measure compliance, based on applicable laws, regulations, and best practices
- Consult with campus users and departments to investigate security issues and evaluate products and processes
- Collaborate with Information Resources administrators and technical staff to develop the campus information security strategy and architecture
- Ensure incident response and disaster recovery plans are developed and implemented
- Respond to and recover from disruptive and destructive information security events
- Increase campus awareness of information security through training and communication
ISET is a member of the IT Governance Subcommittee which develops information security policies, standards and procedures for the protection of university information assets in response to changes in the technology and information landscape.
ISET collects and monitors metrics, and encourages application of benchmarks to assess compliance with various policies and standards for information resources
Awareness and Training
ISET coordinates a program to increase information security awareness.
ISET brokers training to improve the information security & technical capabilities of campus IT personnel.
ISET educates and tests units on continuity/disaster recovery issues.
ISET establishes guidelines for the handling of information security related incidents. IT procedures and business practices involve ISET for the phases of incident response including: prevention, preparation, detection, containment, recovery, digital investigation (forensics), and reporting of lessons learned.