Information Security Manual
Section 100: Information Security Roles and Responsibilities
Effective: 01/11/2010

Purpose

The purpose of this Institutional Responsibilities document is to clearly outline the roles of President, CIO, and CISO in fulfilling Oregon State University’s responsibilities with respect to information security as directed in the OUS Information Security Policy.

Institutional Responsibilities

President:  As directed in the OUS Information Security Policy, the President has overall oversight responsibility for institutional provisions set forth in that policy.  The President will hold the CIO and CISO accountable for instituting appropriate policy and programs to ensure the security, integrity, and availability of OSU’s information assets.

Chief Information Officer (CIO):  As directed in the OUS Information Security Policy, the CIO is responsible for ensuring that the institutional policies governing Information Systems, User and Personal Information Security, Security Operations, Network and Telecommunications Security, Physical and Environmental Security, Disaster Recovery, and Awareness and Training are developed and adhered to in accordance with the OUS policy.

Chief Information Security Officer (CISO):  Reporting to the CIO, the CISO is responsible for the member institution’s security program and for ensuring that institutional policies, procedures, and standards are developed, implemented maintained and adhered to.