The key focus of Information Technology Security is to support and enable research, education and administration at McMaster University while appropriately managing the risks associated with information and the associated technologies.
To meet these objectives, a comprehensive Information Technology Security Program will be developed that aligns with the university mission statements, in particular “Forward with Integrity” and “Vision 2020”, and assures compliance with external regulatory obligations.
The goals of the program and mitigating strategies are:
- Strategic Alignment – aligning with organizational strategy to support university mission objectives.
- Risk Management – implementing appropriate measures to mitigate risk and reduce potential impacts to information security to an understood and accepted level.
- Value Delivery – optimizing investments in support of organization objectives.
- Resource Management – using knowledge and infrastructure efficiently and effectively across departments and faculties.
- Performance Measurement – monitoring and reporting on security activities to ensure that Information Technology security objectives are achieved.
- Assurance Process Integration – alignment of assurance functions and processes to enable integrated pan-university risk management in partnership with Enterprise Risk Management.
The program is based on the McMaster Enterprise Risk Management Framework and leverages industry-accepted frameworks and international standards for mitigation strategy (controls) development, implementation and management.
*IT Governance Institute, COBIT 4.1, USA, 2007
*IT Governance Institute, COBIT Security Baseline, 2nd Edition, USA, 2007
*International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC), Information technology - Security techniques - Code of practice for information security management, ISO/IEC 27002:2005, Switzerland, 2008
*Pritam Bankar, Sharad Verma, COBIT Focus Vol.2. - Mapping PCI DSS v2.0 With COBIT 4.1, April 2011
*IT Governance Institute, COBIT 5 - Enabling Processes, USA, 2012
*IT Governance Institute, Aligning COBIT® 4.1, ITIL® V3 and ISO/IEC 27002 for Business Benefit, USA, 2008