Information Security and IT Risk Management

Purpose

Information security and IT risk management are necessary strategic functions in any organization, and are integral to numerous aspects of the University. The Information Security and IT Risk Management Governance Committee assists in evaluating the portfolio, capabilities and strategies in these two key and complementary areas. The Committee provides support and input to the security mission and campus culture, and encourages and monitors continuous IT risk assessment, reviewing current evaluations and expected outcomes.

Services in Scope 

  • Information security capabilities
  • Information security training and awareness
  • Information security policies and positions
  • Architecture and Security Review (“ASR”)
  • IT risk assessment process, monitoring and completion

Responsibilities

  1. Identify and develop University policy for security and IT risk

  2. Recommend information security initiatives to be considered/approved by SAGIT

  3. Align IT security practices with Princeton’s tolerance for risk

  4. Establish accountability, authority, and responsibility for information protection

  5. Identify, prioritize, and develop IT security standards and enforcement mechanisms to be implemented across Princeton

  6. Communicate new IT security processes, practices, and standards across Princeton

  7. Make critical, network, and research infrastructure decisions

  8. Assist in benchmarking, peer reviews and national security culture

Meetings

Initially, the committee will meet every other month, in person or online, to conduct committee business, and a majority of the committee members will constitute a quorum. Eventually, the committee may meet quarterly.

Roles

Chair: David Sherry

Serves as leader of the committee and is appointed by SAGIT for a 3-year term; orients new committee members; sets meeting agendas; facilitates committee meetings; represents the committee to other committees and University units.

Secretary: Harris Otubu

Onboards new committee members; maintains the committee document repository and website; reserves physical and virtual meeting spaces; schedules committee meetings; procures and sets up meeting technologies; distributes meeting agendas; prepares meeting documents; tracks meeting attendance; takes and distributes meeting notes; delegates activities to administrative/support staff as needed.

Contact

David Sherry 
Chief Information Security Officer 
[email protected]