The following specific assignments of administrative authority and responsibility are hereby delegated to the Vice Provost for Computing and Information Technology to assist and act for the President. The Vice Provost for Computing and Information Technology shall:
1. Have responsibility for:
a. Implementation of effective and practical technology, expertise, and processes to secure the network and computing infrastructure of the University.
b. Development and implementation of a security awareness program to be offered periodically to all University faculty, staff and students.
c. Development of a risk assessment procedure to be used for new systems and ongoing monitoring of all existing University systems.
d. Development of global, effective and practical University policies, procedures, guidelines and best practices related to information assurance and security.
e. Creation of incident response procedures to handle instances where University assets are compromised, including problem resolution and appropriate internal/external communications.
2. Have authority to disconnect any device or disable any account if it is believed that either is involved in compromising the information security of the University until such time it is demonstrated that the device or account no longer poses a threat. Devices will not be disconnected without consultation with agreed upon departmental or unit officials, unless a critical situation exists (i.e., serious vulnerability, denial of service attack, worm or virus attack) and organization officials cannot be contacted quickly.
3. Have authority to stop application development or deployment efforts if it is found during a Risk Assessment that the impact of a particular threat will compromise the information security of the University, until a remedy is implemented to reduce or eliminate the impact of that threat.
In exercising this delegated authority, administrative decisions and approvals shall be in accordance with applicable laws, regulations and University policies and procedures. Deviation from these policies will require advance written approval by the President of the University.
University's Administrative Council - December 4th 2007