An adopting Organization will also need to notify the University’s Chief Information Security Officer (CISO) and the Office of Legal Counsel (OLC) of its intention to implement this policy framework within their operation. This can be accomplished by contacting CISO@uchicago.edu. Both Offices are needed to help the Organization achieve a satisfactory cyber security and data privacy implementation.
Each of the cyber security policy templates contain a section of “risk based controls” that are classified as Core, Low, or Moderate. Low and Moderate have the meanings assigned them by FISMA; Core controls are basic measures that should be in place across the Organization. Most research with sensitive data at UChicago is sufficiently secured by meeting the Core and Low control statements. This determination must be established for each adopting Organization in consultation with the CISO and OLC.
Policy Owner:UChicago CISO