Information Security Management

Northwestern IT Information Security Office uses the Information Standards Organization’s (ISO) Standards for Security Management (27001) and Security Practice (27002) in support of the University’s Information Security Management System (ISMS). Northwestern’s ISMS is influenced by the University’s business plans, needs and objectives, security and compliance requirements, and existing/anticipated operations; it is designed to be responsive and flexible, and to accommodate the University’s dynamic environment.

The ISMS is a systematic and measurable approach to establishing an information security practice, emphasizing the importance of:

The Information Security Office selected the ISO standards as they map reasonably well to the operations of the University, and adopted the risk analysis process as required by ISO. Using a combination of survey and interviews, the Information Security Office helps identify risk, establishes priorities for mitigation, and selects and develops the relevant policies and standards for implementation.

To help facilitate awareness of the ISMS, the Information Security Office offers the Information Systems Security Plan/Practices (ISSP/P) document that summarizes the operational framework, provides expeditious access to policy statements, and helps identify and describe procedures for the appropriate use and protection of University data. The Information Security Office applies updates to the ISSP/P as policies are added, revised or deleted.

Last Updated: 21 December 2017
