The Information Security Advisory Council is charged with providing advisement, review, and endorsement of Appalachian State University's Information Security Plan including relevant policies, strategic initiatives, and services. The goal of this council is to ensure that this plan is aligned to the needs of the University community, focused on salient education and awareness opportunities, and driven to achieve reasonable, cost-effective, and holistic management of risks related to University information resources. The composition of this council will include members from units that regularly deal with information security issues as well as those who can articulate the needs and concerns of faculty, staff, and students.
The scope of authority for Information Security Advisory Council includes the following areas:
- Collaborative review, revision, and endorsement of the University Information Security Plan.
- Collaborative review, revision, and endorsement of University Information Security Policies.
- Identification of campus wide and role-specific security awareness and training needs.
- Review and advisement concerning information security issues, trends, and opportunities.
- Review and advisement concerning information security program service improvements.
- Authority to establish committees and workgroups to research or focus on specific areas.
- Publication of all non-confidential council work, project information and meeting minutes to council web site.
The primary deliverables of the Information Security Advisory Council work includes the following:
- A collaboratively developed Information Security Plan that defines strategic initiatives, objectives, and areas for continual improvement.
- A collaboratively developed Security Awareness and Training Plan that addresses key issues, needs, and concerns.
- A collaboratively developed set of proposed and/or ratified Information Security Policies that address the important information security needs of Appalachian State University.
Information Security Policies that are formulated or updated by the Council must comply with the University Policy on Policies including all requirements related to formal approval review.