Information Security and Privacy Program

Information Assets and Information Technology (IT) Resources are valuable and essential to furthering the mission of Purdue University. Administrative, technological, and physical safeguards are required to protect these assets to support our mission, to meet our legal and regulatory obligations, and to preserve privacy.

This Information Security and Privacy Program, administered through the Office of the Vice President for Information Technology under the leadership of the Chief Information Security Officer, IT Security and Policy, is established in support of the Information Security and Privacy Policy (VII.B.8). This program promotes, through standards, procedures, guidelines, and information sharing, an internal controls environment designed to maintain, facilitate, and promote protection of Information Technology (IT) Resources and Information Assets.

Mission

Support Purdue’s mission by protecting the confidentiality, integrity and availability of Information Assets and Information Technology (IT) Resources.

Goals

  • Align the information security organization’s efforts to advance the University mission of discovery, learning and engagement while supporting privacy, legal and regulatory obligations
  • Partner with stakeholders as trusted advisors and enablers in the acquisition or development and configuration of technologies to further protect the security and resilience of IT Resources and Information Assets consistent with related policies, procedures, and guidelines
  • Approach security from a risk management perspective
  • Promote organizational awareness of information security responsibilities and affect behavior through awareness and training
  • Collaborate with community organizations and other educational institutions to increase awareness of the threat landscape and protections with increased insight, outreach, and sharing of cybersecurity information
  • Promote proactive and adaptive processes with a commitment to continuous improvement
  • Evolve security strategies, standards and procedures to maintain relevance to changes in business processes, technologies, laws and regulations, or identified risks

The Information Security and Privacy Program Components

The Information Security and Privacy Program components are based upon safeguards provided by the National Institute of Standards and Technology (NIST) Cybersecurity Framework and are aligned with strategies to advance Purdue University’s mission and support privacy, legal and regulatory obligations. The Framework guides Purdue’s information security program by incorporating its core functions of Identify, Protect, Detect, Respond and Recover to address current strategic priorities, with the understanding that there is room to mature those and strengthen others as risks evolve.

The NIST Cybersecurity Framework maps to supporting controls identified in NIST SP 800-171, Protecting Unclassified Information in Nonfederal Information Systems and Organizations. Additional guidance for IT Resource Owners on the secure configuration of systems is supported by Center for Internet Security (CIS) resources.

What You Need to Know

All individuals who use, have access to, or provide technical support of University Information Assets and IT Resources have responsibilities for maintaining the confidentiality, integrity, and availability of these assets. The Secure Purdue website provides the following information and resources to help you: