Information Security Advisory Committee
The Information Security Advisory Committee (ISAC) is an IT Governance advisory committee that provides recommendations and updates related to the delivery of the information security program from a comprehensive campus perspective.
Structure
A non-Northwestern Information Technology or information security leader serves as co-chair of this committee with a Northwestern IT associate vice president. The committee reports to the IT Executive Committee for strategic and policy support and the Infrastructure Advisory Committee (IAC) for tactical and operational activities.
Purpose
The committee reviews policies and recommends direction to ensure that the institutional security program is delivered with campus-wide input and direction and that priorities, policies, and programs that are approved are understood and acted upon at the schools and departmental level across campus.
Objectives
- Develop an active Northwestern security community to raise awareness on critical threats, vulnerabilities, and other security-related topics.
- Identify opportunities and recommend actions on shared security tools and services.
- Define and communicate recommended security practices and procedures to the IT@NU community.
- Identify and escalate security-related policy questions to the IT governance advisory committees and other appropriate governing bodies (e.g., the Policy Review Committee).
- Facilitate tangible improvements to Northwestern’s information technology security posture, protecting data for all members of the community, but in particular for faculty researchers.
- Develop University guidelines and best practices for security in response to security events that have or may have an impact on the University community.
Operating Principles
- The committee is expected to meet every month, or more frequently if the committee desires.
- The committee will maintain an active information set:
- Risk list
- Incident trends
- Projects
- The committee lead will report to the IAC quarterly, providing a summary of the active information set.
- The committee will provide an annual brief on security at Northwestern based on the previous year’s activities and anticipated next steps.
- The committee will interact with other advisory groups as needed for topics that range across groups, including, but not limited to, identity and access management, endpoint management security working group, and security awareness.
- The committee may recommend the formulation of a working group where activities recommend this action.
Members
- Brandon Grill, Senior Director of Technology Planning & Security, Northwestern Information Technology (Co-Chair)
- James Rich, Director IT Program Management, Kellogg School of Management (Co-Chair)
- Nowell Arnold, Associate Director, Information Security and Deputy Chief Information Security Officer, Northwestern Information Technology
- Christel Bridges, Director of Information Technology, Pritzker School of Law
- Myndi Brown, Associate Director, Identity and Access Management, Northwestern Information Technology
- David Carr, Associate Vice President, Cyberinfrastructure, Northwestern Information Technology
- Steve DiDomenico, Assistant Director of Systems & Support, Student Affairs
- Michael Jara, Senior Director, Information Security, Feinberg School of Medicine
- Joseph Kurtin, Director of Technology Support Services, Northwestern Information Technology
- Steve Kwak, Director of Processing and Information Management, Northwestern Information Technology
- Nishant Rao, Director of IT Infrastructure and Security, McCormick School of Engineering and Applied Sciences
- Alex Ruiz, Systems Administrator, Weinberg College of Arts and Sciences
- Michael Satut, Senior Director of Information Technology, Weinberg College of Arts and Sciences
- Matthew Stork, System Administrator, Northwestern Libraries
- Scott Terry, Manager of Endpoint Device Management and Support, Northwestern Information Technology