An NSHE-wide governance structure establishes and maintains the alignment of information security strategies with organizational goals and objectives, assures consistency with applicable laws and regulations, and provides accountability, responsibility, and authority necessary to manage cybersecurity risk. In response to the challenge of reducing cybersecurity risk and improving system-wide information security, an information security governance structure has been established.
The three pillars of this governance structure include:
- Information Security Officers Council to serve as the working group for information security issues. This group is comprised of President-appointed representatives who have been identified as having the responsibility for information security issues at each institution. The members are tasked with implementation and delivery of elements of the NIST Cybersecurity Framework, examining potential avenues for shared services where appropriate, security policy review and drafting proposals, and productively engaging in knowledge sharing for our common benefit.
- The NSHE Chief Information Security Officer is responsible for implementing and managing the security governance process and for advocating the information security program throughout the System.
- Internal Audit verifies that the security controls reported are being executed as stated as well as looking for deficiencies in security that need to be addressed to improve the overall security posture of the organization.