The Higher Education Information Security Council (HEISC) Governance, Risk, and Compliance (GRC) Working Group has developed a series of security translation papers for specific campus audiences. These papers highlight key security program points for procurement staff, treasury operations staff, and data owners. These documents serve as an educational and awareness tool, as well as a marketing tool for the campus information security office.
Each document provides two pages of information:
- Who the security office is, what they do, how they can help, and how to find them.
- A translation on a topic according to the audience identified.
The first example, developed by American University, describes how the treasury operations department and the information security team assist with PCI DSS compliance. (PDF, Word)
The second example, developed by Brown University, describes how the information security group can provide guidance to the procurement office about contract reviews, audits, compliance, records management, and insurance. (PDF, Word)
The third example, developed by the University of Texas System, explains the important responsibilities of data owners to help keep institutional data safe and secure. In addition to “A Data Owner’s Eight Step Information Security Plan,” the document also explains how the information security office can assist individual data owners. (PDF, Word)
These translations may include institutional logos and contact information, as well as information specific to a college or university. The intent is to provide these documents as templates that can be adapted by other institutions to suit their needs. We hope that you find these resources useful as you communicate with other campus departments about information security issues and why it is so important for everyone on campus to help protect the data.
Additional translations may be developed if there is interest from the community. Please contact us at [email protected] with any questions, comments, or suggestions for new resources.