Information Security

Information Security refers to policies and practices intended to protect information and systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.

ITS houses the Chief Information Security Officer (CISO) and security function. The CISO is a University resource for best practices in information security. Dedicated to assuring the confidentiality, integrity and availability of the University's information assets, this office works with the Internal Control Officer, the Office of University Counsel and Internal Audit, and supports the institution's Internal Controls initiative.

The CISO has overall responsibility for ensuring the implementation, enhancement, monitoring and enforcement of this program and provides direction and leadership to ensure that appropriate safeguards are implemented, and to facilitate compliance with those policies, standards and processes.

The CISO is responsible for investigating alleged information security incidents and violations. In this role, the ISO may refer the investigation to other investigatory entities, including law enforcement. The CISO will coordinate and oversee IT security program activities and reporting processes in support of this program and other IT security initiatives.

Policies and procedures of the University apply broadly to all systems and sensitive information on campus. They may be found at these links: 

Related Documents

  • 45 CFR Parts 160, 162, and 164 (HIPAA)
  • Other State and Federal regulations governing the acquisition, retention, and dissemination of protected data
  • SUNY system-wide information security policies and requirements
  • SUNY Policies of the Board of Trustees