Description
The university maintains ongoing contact with security and privacy groups and associations which is important in an environment of rapidly changing technologies and threats. Groups and associations include special interest groups, professional associations, forums, news groups, users’ groups, and peer groups of security and privacy professionals in higher education and similar organizations.
Applicability
-
The university’s Chief Information Security Officer (CISO) has the primary responsibility for the implementation of this Control.
Implementation
-
1
The Chief Information Security Officer (CISO), or designees, shall establish and institutionalize contact with selected groups and associations within the security and privacy communities:
-
1.1
To facilitate ongoing security and privacy education and training for university personnel;
-
1.2
To maintain currency with recommended security and privacy practices, techniques, and technologies; and
-
1.3
To share current security and privacy information, including threats, vulnerabilities, and incidents.
-
1.1