(1) The president shall appoint an information security program coordinator to
implement, coordinate and oversee the information security program at the
university of Akron. The "ISPC" shall seek to assure that customer information
is secure at the university and shall be responsible for the following duties:
(a) Designing and implementing, with the assistance of the university's
information technology security officer ("ITSO"), appropriate individuals in
the affected offices of the university and any other individuals the "ISPC"
deems appropriate, safeguards, systems, procedures and protocols, which,
together with this rule, shall comprise the university's comprehensive written
information security program;
(b) Assisting the "ITSO," human resources and the relevant offices of the
university in identifying reasonably foreseeable internal and external risks to
the security, confidentiality and integrity of customer information that could
result in the unauthorized disclosure, misuse, alteration, destruction or other
compromise of such information, by considering the following factors:
(i) Employee training and management;
(ii) Information systems, including network and software design, as well as
information processing, storage, transmission and disposal; and
(iii) The university's ability to detect, prevent and respond to attacks,
intrusions or other system failures.
(c) Assessing the effectiveness of the current safeguards, systems and
procedures for controlling identified risks to the security, confidentiality
and integrity of customer information;
(d) Designing and implementing additional information safeguards, systems or
procedures necessary to control identified risks to the security,
confidentiality and integrity of customer information;
(e) Monitoring and testing the effectiveness of customer information
safeguards, systems and procedures at regular intervals;
(f) Coordinating with those responsible for third party service procurement
activities for affected departments to raise awareness of, and to institute
methods for, selecting and retaining only those service providers that are
capable of maintaining appropriate safeguards for customer information to which
they will have access;
(g) Evaluating and revising the university's comprehensive written information
security program in light of the results of the testing and monitoring of the
university's comprehensive written information security program, any material
changes to the university's operations or business arrangements or any other
circumstances that the "ISPC" knows or has reason to know may have a material
impact on the university's information security program;
(h) Coordinating with the "ITSO" and appropriate individuals in the relevant
offices of the university to respond to perceived breaches of the security of
customer information, if such breach should occur; and
(i) Coordinating with the office of general counsel, human resources and the
"ITSO" to provide training regarding customer information security practices
and procedures to faculty, staff and students as the "ISPC" deems necessary.