The ISSC's primary responsibility is to direct prioritization of Wheaton’s ongoing cybersecurity efforts.
The committee is comprised of senior decision makers from the Wheaton College community, will provide strategic direction to the cybersecurity team in management of Wheaton’s information security program. The ISSC will meet quarterly to review the college’s ongoing cybersecurity strategic planning efforts based on Wheaton’s information security risk register. This risk register will be maintained/updated on an ongoing basis by Wheaton’s CIO, Director of Infrastructure and Security, and VCISO (DeepSeas Security).
Objectives:
- Review & monitor the Information Security program with respect to the general status of the security program (quantitative & qualitative).
- Review and approve priorities set in the risk register.
- Set and approve planned activity priorities within the risk register based on overall risk/impact to the institution.
- Assign ownership for documented risks in the register.
- Serve as a steering committee for risk management decisions that affect the college (more than just technology decisions). Specifically, these are often cases where a risk owner is outside of IT and wants to accept a risk that IT would prefer to be remediated.
- Occasionally asked to review security program documentation that would not rise to being board level.
- Review & determine how to respond to any external audit findings that might be raised.
- Through the regular process of risk management, accumulate audit evidence that proves that senior management is informed & engaged in the process of managing security risks as a due diligence aspect of response to regulations such as GLBA (especially 12 CFR part 314.4).
Scope:
The initial ISSC membership will be decided based on decision making authority and cybersecurity activity impact on behalf of Wheaton’s key operational divisions.
Current Committee Members:
- Jane Bilezikian, Director of Advancement Services
- Carlos Garcia, Controller
- Billy Keller, Director of Infrastructure and Security
- Diane Krusemark, Registrar
- Karen Lee, Provost
- Stan LeTarte, CISO DeepSeas Security
- Daniel Burden, Professor, Chemistry
- Chad Rynbrandt, Vice President of Finance and Operations
- Amanda Franklin, (interim) General Counsel
- Alan Wolff, Chief Information Officer, Chair