Office of the Chief Information Officer
Vice President for Information Technology
MUSC Information Security
MUSC Enterprise Information Security Program
|Go to the Information Security Website|
Information Security Program Governance
The use of information and information technology are increasingly important to MUSC's ability to meet its mission. The overall objective of MUSC's information security program is to protect information from loss, corruption, and unauthorized access, use and disclosure, while facilitating its availability to authorized users. Likewise, compliance requirements relating to information security are becoming more prevalent in the legal, regulatory and contractual environments in which MUSC operates. Appropriate governance is necessary to provide strategic direction, and to verify that resources are sufficient, such that information security objectives can be achieved, and compliance requirements can be met, across the MUSC enterprise.
MUSC’s enterprise information security program has the following stakeholders: Compliance Offices (MUHA, MUSC, MUSCP), Risk Management, Human Resources (MUHA, MUSC, MUSCP) Legal Affairs, Internal Audit, and OCIO.
The entities mentioned above are organized and represented within the Information Security Advisory Council (ISAC). ISAC serves as an enterprise-wide advisory group for MUSC's enterprise information security and related compliance programs. The Council reports to and advises the VP Group's mission of ensuring that appropriate and cost-effective information protection measures are applied to MUSC's information and IT assets, serves as an advocate for the continuous improvement of MUSC's enterprise information security program, and ensures that MUSC meets all information security related compliance requirements.
For more information and a list of Council members, please refer to the ISAC Charter.
Elements of the enterprise information security program
- Education and Awareness
- Security Technology (Tools & Software)
- Development of Security Policies
- Enforcement of Security Policies
- Network Security Monitoring and Audit Log Monitoring
- Incident Handling and Incident Response
- Managing Risk vs. Cost, Inconvenience, Intrusion
- Compliance (HIPAA, PCI, etc.)
- Disciplinary Action/Consequences
OCIO Information Security Effort
OCIO Information Security Mission and Role:
Protect MUSC’s information from: loss, corruption, and unauthorized access, by providing up-to-date and robust security technology tools and software.
List of information security technology tools and software:
Fire wall, Mal-ware, Virus-ware, Spam filters, Encryption, Intrusion Detection, MDM, 2FA, Audit tools, Network sniffers, Data-loss prevention, Government, Risk, and Compliance software,
See complete list of tools. (NetID Required)
The OCIO Information Security Office was established under the Office of the CIO (OCIO) to meet the following objectives:
- Develop MUSC's Enterprise-level information security technology architecture, strategy and plans
- Assist in the development of Enterprise-level information security policies, standards and guidelines
- Lead participant on MUSC's Computer Security Incident Response Team (CSIRT).
- Developing and deploying Enterprise-level information security safeguards, such as network access control services, that help protect information assets across the MUSC Enterprise
- Developing and deploying common (shared) tools, instruments, and services, as needed to assist MUSC's System Owners and System Administrators in meeting their assigned information security responsibilities.
- Conducting Enterprise-level vulnerability assessments
- Regularly monitoring and testing the effectiveness of implemented technology safeguards throughout the Enterprise.
- Works closely with other ISAC participants to help MUSC meet all information security related compliance requirements.
OCIO Information Security Team and Links
OCIO Information Security Team
- Richard Gadsden, Information Security Officer
- Matthew Jones, Analyst
- Christopher Bennett, Analyst
- Christopher Helton, Analyst
- Aaron Heath, Analyst
End Point Security; clean up compromised accounts/corrupted devices (100/mo.)
- Denise Clark, Analyst
- Lisa Pecsuk, Analyst
MUSC Information Security Office Policies and Procedures
MUSC Information Security Procedures
MUSC Information Security Standards
MUSC Information Security Guidelines