Information Security Management

Northwestern IT’s Information and Systems Security/Compliance (ISS/C) uses the Information Standards Organization’s (ISO) Standards for Security Management (27001) and Security Practice (27002) in support of the University’s Information Security Management System (ISMS). Northwestern’s ISMS is influenced by the University’s business plans, needs and objectives, security and compliance requirements, and existing/anticipated operations; it is designed to be responsive and flexible, and to accommodate the University’s dynamic environment.

The ISMS is a systematic and measurable approach to establishing an information security practice, emphasizing the importance of:

ISS/C selected the ISO standards as they map reasonably well to the operations of the University, and adopted the risk analysis process as required by ISO. Using a combination of survey and interviews, ISS/C helps identify risk, establishes priorities for mitigation, and selects and develops the relevant policies and standards for implementation.

To help facilitate awareness of the ISMS, ISS/C offers the Information Systems Security Plan/Practices (ISSP/P) document that summarizes the operational framework, provides expeditious access to policy statements, and helps identify and describe procedures for the appropriate use and protection of University data. ISS/C applies updates to the ISSP/P as policies are added, revised or deleted.

Last Updated: 10 April 2017