Information security and IT risk management are necessary strategic functions in any organization, and are integral to numerous aspects of the University. The Information Security and IT Risk Management Governance Committee assists in evaluating the portfolio, capabilities and strategies in these two key and complementary areas. The Committee provides support and input to the security mission and campus culture, and encourages and monitors continuous IT risk assessment in assessing current evaluations and expected outcomes.
Services in Scope
- Information security capabilities
- Information security training and awareness
- Information security policies and positions
- Architecture and Security Review (“ASR”)
- IT risk assessment process, monitoring and completion
Identify and develop University policy for security and IT risk
Recommend information security initiatives to be considered/approved by SAGIT
Align IT security practices with Princeton’s tolerance for risk
Establish accountability, authority, and responsibility for information protection
Identify, prioritize, and develop IT security standards and enforcement mechanisms to be implemented across Princeton
Communicate new IT security processes, practices, and standards across Princeton
Make critical, network, and research infrastructure decisions
Assist in benchmarking, peer reviews and national security culture
Initially, the committee will meet every other month, in person or online, to conduct committee business, and a majority of the committee members will constitute a quorum. Eventually, the committee may meet quarterly.
Chair: David Sherry
Serves as leader of the committee and is appointed by SAGIT for a 3-year term; orients new committee members; sets meeting agendas; facilitates committee meetings; represents the committee to other committees and University units.
Secretary: Harris Otubu
Onboards new committee members; maintains the committee document repository and website; reserves physical and virtual meeting spaces; schedules committee meetings; procures and sets up meeting technologies; distributes meeting agendas; prepares meeting documents; tracks meeting attendance; takes and distributes meeting notes; delegates activities to administrative/support staff as needed.
Chief Information Security Officer