草榴社区 Us

Governance and Stakeholder Groups

The Information Security and Advisory Services group receives direction from the UA System Chief Information Security Officer (CISO), who reports to the UA System Chief Information Technology Officer (CITO).  The CISO and CITO are members of the CIO Management Team (CMT), which includes the CIOs for each of the UA System's three universities - UA Anchorage, UA Fairbanks, and UA Southeast.  The CMT provides feedback on projects, shares concerns and issues from each university, and tracks the progress of key initiatives within ISAS.

To ensure the success of our initiatives and to improve outreach and communication system wide, we're forming two stakeholder groups with two distinct focuses.

Information Security and Assurance Advisory Team (ISAAT):

The ISAAT is focused on higher level discussion of projects and initiatives, potential challenges or impacts to the University and its constituents, and in gathering feedback from those constituents to ensure the program is meeting its objectives.  

Review the ISAAT Group Charter (UA login required), which provides additional details and defines objectives and governance of the group.  Interested in joining?  Email ua-oit-security@alaska.edu to register your interest.

Operational Security Team (OST):

Our other stakeholder group is focused on operational security and the handling of day-to-day challenges such as threat and vulnerability management, patching, security controls, etc.  This group represents the "boots on the ground" within the system office and centralized university IT departments, as well as our colleagues in distributed IT (research, library, outlying campuses, etc.)

Are you responsible for information security, assurance, or compliance functions within your program area?  Please let us know so we can add you to the OST communications.  Email ua-oit-security@alaska.edu to get started.

Strategic Plan

The UA Chief Information Security Officer, in collaboration with the ISAS staff and the ISAAT stakeholders, develops a rolling 2-3 year strategic plan that identifies objectives and major supporting tasks across the ISAS capability and responsibility portfolio.

View the FY22-23 Information Security and Assurance Services Strategic Plan (UA login required)


Active Initiatives

Near-term priorities within ISAS include expansion of Multi-Factor Authentication (MFA), selection and deployment of an Endpoint Detection and Response (EDR) solution, formalization of governance and stakeholder groups, support of research contract acquisition and maintenance, streamlining and enhancing vendor management and risk assessments during the procurement process, and undertaking a comprehensive review and update of our security and assurance related policies, procedures, guidelines, and standards in order to support a system wide security framework implementation and basic level of assurance.

Does any of this sound interesting to you?  Check out our "" page to see how you can participate.

 

Meet our Team

Well, until we can wrangle everyone together for photos, you can  that includes all of NTS.  If it doesn't render properly, play refresh roulette until you can see our names.