• Home
• About IT
• Organization and Leadership
• IT Governance
• Information Security Advisory Committee

Information Security Advisory Committee

The Information Security Advisory Committee (ISAC) is an IT Governance advisory committee that provides recommendations and updates related to the delivery of the information security program from a comprehensive campus perspective.

Structure

A non-Northwestern Information Technology or information security leader serves as co-chair of this committee with a Northwestern IT associate vice president. The committee reports to the IT Executive Committee for strategic and policy support and the Infrastructure Advisory Committee (IAC) for tactical and operational activities.

Purpose

The committee reviews policies and recommends direction to ensure that the institutional security program is delivered with campus-wide input and direction and that priorities, policies, and programs that are approved are understood and acted upon at the schools and departmental level across campus.

Objectives

1. Develop an active Northwestern security community to raise awareness on critical threats, vulnerabilities, and other security-related topics.
2. Identify opportunities and recommend actions on shared security tools and services.
3. Define and communicate recommended security practices and procedures to the IT@NU community.
4. Identify and escalate security-related policy questions to the IT governance advisory committees and other appropriate governing bodies (e.g., the Policy Review Committee).
5. Facilitate tangible improvements to Northwestern’s information technology security posture, protecting data for all members of the community, but in particular for faculty researchers.
6. Develop University guidelines and best practices for security in response to security events that have or may have an impact on the University community.

Operating Principles

1. The committee is expected to meet every month, or more frequently if the committee desires.
2. The committee will maintain an active information set:
   1. Risk list
   2. Incident trends
   3. Projects
3. The committee lead will report to the IAC quarterly, providing a summary of the active information set.
4. The committee will provide an annual brief on security at Northwestern based on the previous year’s activities and anticipated next steps.
5. The committee will interact with other advisory groups as needed for topics that range across groups, including, but not limited to, identity and access management, endpoint management security working group, and security awareness.
6. The committee may recommend the formulation of a working group where activities recommend this action.

Members

• Kristin McLean, Chief Information Security Officer, McCormick School of Engineering (Co-Chair)
• David Carr, Associate Vice President, Cyberinfrastructure, Northwestern Information Technology (Co-Chair)
• John Arends, Systems Administrator Lead, School of Communication
• Nowell Arnold, Associate Director, Information Security and Deputy Chief Information Security Officer, Northwestern Information Technology
• Brandon Grill, Director of Information Technology, School of Communication
• Steve Kwak, Director of Processing and Information Management, Northwestern Information Technology
• James Rich, IT Director, Kellogg School of Management
• Marvina Roebuck, Information Security Analyst, Feinberg School of Medicine
• Michael Satut, Senior Director of Information Technology, Weinberg College of Arts and Sciences
• Matthew Stork, System Administrator, Northwestern Libraries
• Scott Terry, Manager of Endpoint Device Management and Support, Northwestern Information Technology