Appendix 8: Information Security

  1. UNLV Cyber Security Team Membership and Charges

Appendix 8A – UNLV Cyber Security Team Membership and Charges

Purpose

The Cyber Security Team is comprised of information and technology specialists from across the campus. The primary responsibilities of the group are to:

  • Create and foster a campus-wide approach to information technology security
  • Recommend to the Technology Review Board policies, procedures, and technical measures to support the development and maintenance of a secure information technology environment
  • Promote awareness on IT security issues, compliance changes, threat mitigation and individual responsibility for helping ensure a safe campus IT environment

Chair

Chief Information Security Officer or designee

Membership

Members Appointed By
Chief Information Office (1)
  • Chief Information Security Officer or designee
Chief Information Officer
Central IT (3)
  • Desktops
  • Network       
  • Systems
Chief Information Officer
IT Representatives from Campus Units (9)*
  • Institutional Analysis & Decision Support
  • Engineering
  • Finance & Business
  • UNLV Libraries
  • School of Dental Medicine
  • School of Medicine
  • Student Affairs
  • Supercomputing Center/Research
  • Thomas & Mack
Appropriate Unit Representative
IT Forum Representative (1) IT Forum through election
Faculty (1) Faculty Senate
* Campus units on the list have unique IT security needs.

Charges

  • Adopt an industry standard security framework to guide security initiatives on campus (e.g., SANS Top 20, ISO270001, NIST 800-53)
    • Select the framework
    • Map current campus security measures to the framework
    • Recommend actions (e.g., policies, projects, services) to fill gaps in the framework
  • Recommend changes to the framework, policies, and procedures to maximize the university’s ability to meet compliance requirements (e.g., PCI, HIPAA, FERPA) and changing security risks
  • Develop and maintain a list of security initiative priorities to be reviewed periodically (at least semi-annually) and submitted as part of the strategic technology planning processes
  • Develop an annual risk assessment and mitigation report for review by the Technology Review Board
  • Develop and maintain a Security Liaison program
    • Promote awareness of security issues that could impact the campus
    • Engage the liaisons in the development and implementation of campus security initiatives
  • Develop position-specific security responsibilities and provide awareness and training programs to ensure employees and students can meet those responsibilities
  • Develop and maintain collaborative communication mechanisms for security awareness, information dissemination, and campus input regarding security matters
  • Recommend security measures for emerging technologies as they become widely used on campus (e.g., mobile devices, cloud services)

Security Liaisons

The work of the Cyber Security Team is dependent on assistance from every major unit on campus. Individuals knowledgeable about the security needs of their units and who are willing to assist with creating a more secure information technology environment at UNLV will be recruited to serve as Security Liaisons.

Security Liaisons will be expected to:

  • Maintain a high-level awareness of current security issues that could impact their unit and/or the campus
  • Assist in the implementation of security initiatives in their units and across campus
  • Bring unit-specific security matters to the attention of the Cyber Security Team for consideration in the overall UNLV IT security planning
  • Ensure that newly proposed security measures take into consideration the unique data and research needs of the units they represent