Office of the Chief Information Officer
Vice President for Information Technology
MUSC Information Security
Information Security Program Governance
The use of information and information technology are increasingly important to MUSC's ability to meet its mission. The overall objective of MUSC's information security program is to protect information from loss, corruption, and unauthorized access, use and disclosure, while facilitating its availability to authorized users. Likewise, compliance requirements relating to information security are becoming more prevalent in the legal, regulatory and contractual environments in which MUSC operates. Appropriate governance is necessary to provide strategic direction, and to verify that resources are sufficient, such that information security objectives can be achieved, and compliance requirements can be met, across the MUSC enterprise.
The Information Security Advisory Council (ISAC) serves as an enterprise-wide advisory group for MUSC's information security and related compliance programs. The Council directly supports the VP Group's mission of ensuring that appropriate and cost-effective information protection measures are applied to MUSC's information and IT assets, and serves as an advocate for the continuous improvement of MUSC's information security program.
For more information and a list of Council members, please refer to the ISAC Charter.
Information Security Office
The MUSC Information Security Office (ISO) was established under the Office of the CIO (OCIO) to meet the following objectives:
- Documenting MUSC's Enterprise-level information security architecture, strategy and plans
- Coordinating the development of Enterprise-level information security policies, standards and guidelines
- Directing MUSC's Computer Security Incident Response Team (CSIRT).
- Developing and deploying Enterprise-level information security safeguards, such as network access control services, that help protect information assets across the MUSC Enterprise
- Developing and deploying common (shared) tools, instruments, and services, as needed to assist MUSC's System Owners and System Administrators in meeting their assigned information security responsibilities.
- Developing and maintaining an Enterprise-level security awareness and training program, addressing the needs of Users, System Owners, and IT professionals, across the Enterprise.
- Conducting Enterprise-level vulnerability assessments.
- Regularly monitoring and testing the effectiveness of implemented safeguards throughout the Enterprise.