Rule 3342-9-03 | University policy regarding information technology security administration.

(A) Purpose: to ensure that all members of the campus community understand their responsibilities to protect the security of technology resources and preserve reliability, integrity, and availability of information.

(B) Policy statement: The university requires the use of technologies and data in digital form in order to carry out its teaching, research, and administrative missions. The university, through the division of information technology, will develop and publish policies and practices designed to secure university information resources.

(C) Responsibilities: Implementation of information security policies is delegated to the vice president for information technology and CIO. The vice president may delegate certain responsibilities for implementation of policies and practices in furtherance of this rule to the chief information security officer (CISO) or other appropriate delegate. The appropriate delegate will have primary responsibility for:

(1) Oversight of information security.

(2) Implementation and enforcement of this policy.

(3) Development, revision, approval, and oversight of information security policies, procedures, and guidelines pursuant to this policy.

(4) Educating the university community about information security responsibilities.