IT Security Officer is a key role in ITSC created for leading cyber security implementation on a University-wide basis, in collaboration with relevant members in ITSC, ISO as well as Cyber Security Coordinators from sites/departments/offices/units. While the obvious goal is to attain and maintain a healthy level of cyber security for the entire University, the exact roles and responsibilities of the IT Security Officer will evolve with the development of the current cyber security threats. Currently, the Roles and Responsibilities of IT Security Officer include:

Operational Management of Cyber Security

• Propose updates to the Cyber Security Policy as well as adoption of best practices as required in light of emerging threats in cyber security
• Take the lead and collaborate with Cyber Security Coordinators in the implementation of cyber security measures including but not limited to:
  1. Maintenance of IT Resource Record
  2. Compliance to Minimum Security Standard in IT Resource Hardening
  3. Incident Reporting and Handling
  4. Promotion of Awareness and Compliance
• Assist IT resources owners and users to perform risk assessment effectively and arrive at agreeable risk classifications of IT resources

Compliance and Escalation

• Lead the compliance monitor effort for cyber security
• Escalate any issues arising from misclassification of risks, non-compliance as well as emerging cyber security threats up to VP-AB such that appropriate actions can be implemented on a University-wide level

Related Links

• Cyber Security Policy
• Cyber Security Incident Handling Policy
• Minimum Security Standard
• Risk Classification Examples of Common IT Resources