Security Technologies Sub-Committee
Approved: September 2016
Through a fully integrated technology security system, the university enhances and preserves both the virtual and physical safety of staff, students, guests, and faculty. As part of the Northern Illinois University information technology governance structure, the Security Technologies governance sub-committee derives its authority from the IT Steering Committee (ITSC).
This sub-committee ensures the university addresses issues in a pragmatic manner while fostering an efficient, effective, safe, and secure environment. Conditions and practices are designed to address critical access needs in a manner which minimizes risk and maximizes physical asset and sensitive information protection.
- Create and implement policies, procedures and standards for security cameras, door access, and other security technologies. This work includes:
- Reviewing, approving, or withholding approval of proposed activities related to campus security cameras, door access and data produced or requested.
- Providing ongoing evaluation of the institution's physical security technology systems, identification of system gaps, and recommendations for strategic enhancements to physical security technology systems and procedures as well as the data they produce.
- Annually reviewing Public Safety’s assessment of all NIU properties, recommending areas for further analysis.
- Contributing to an institutional database of security technology equipment and software.
- Reviewing all requests for expanding security technology systems or access to related software and equipment;
- Creating policies and procedures for coordinating and overseeing system component testing.
- Consult with the End User Technologies governance sub-committee to review and advise on their recommended policies, procedures and standards to ensure end-user information security. The end-user environment includes such things as workstations and mobile devices, wireless technologies, and network hubs.
- Recommend ways to standardize and continually improvement federal, state, local and institutional security regulation requirements such as CJIS, FERPA, HIPAA and PCI compliance requirements.
- Develop university-wide information security training implementation plan that ensures compliance across all divisions.
- Recommend the suspension of activities involving security technologies when not conducted in accordance with the law, institution's policy and applicable provisions of security technology.
- Review and recommend revisions to the university’s information security strategy and the underlying technology solutions.
- Ensure staff receive necessary and appropriate training on any new technologies implemented through this committee; training , coordinating training on the maintenance and use of security systems
The Security Technologies Sub-Committee is composed of faculty, staff and students who provide comprehensive representation from the NIU community.
Members may be nominated by anyone, but the IT Steering Committee approves all initial members and subsequent membership changes.
Members are expected to represent the best interest of the entire institution and not just their own unit. However, members are also expected to communicate the activities and decisions of the sub-committee back to their own unit and bring unit concerns back to the sub-committee.
Members will serve three-year terms, with membership terms staggered in equal measure throughout the sub- committee. All members may serve consecutive terms.
All members are expected to attend and participate in each meeting. If a member is unable to attend, a substitute should be authorized to attend and vote on behalf of the official committee member.
|Academic Affairs||Sue Mini||Vice Provost for Research and Planning|
|Administration and Finance||John Heckman||Associate Vice President, Facilities Management and Campus Services|
|Human Resource Services||Celeste Latham||Associate Vice President, Administration and HR, Operations|
|Division of Information Technology (non-voting)||Chair, Andrew Bjerken||Associate Vice President, Chief Information Security Officer|
|Mike Bertolani||Information Security Analyst|
|Facilities Management||John Heckmann||Associate Vice President|
|Institutional Advancement / Foundation||Tim Webster||Network Administrator, Development Operations|
|Intercollegiate Athletics||John Cheney||Associate Director|
|Outreach, Engagement and Regional Development||Andy Mazur||Technical and Site Coordinator|
|Police and Public Safety||Tom Phillips||Chief of Police|
|Research and Innovative Partnerships||Michele Crase||Lab Safety Manager|
|Student Affairs and Enrollment Management||Kelly Wesener-Michael||Associate Vice President, Student Affairs|
The chair will be responsible for:
- Calling all meetings;
- Setting meeting agendas;
- Collecting sub-agendas from functional leads;
- Presiding at all meetings;
- Ensuring that minutes are compiled for each meeting;
- Finalizing minutes before distribution;
- Enforcing committee procedures;
- Preparing information for presentation to the ITSC; and
- Presenting Sub-Committee recommendations and reports to the ITSC.
Committees should schedule meetings on a monthly basis (or as determined by the Chair) to review the activities of its committees; approve/deny requests for purchases, system enhancements, or changes in active protocols or policies; establish priorities for resources; and develop recommendations for resources and proposals to be routed to the ITSC.
This Sub-Committee will report to the ITSC via one of the following methods:
- attendance of the Chair at ITSC meetings to present recommendations and report on activities;
- updates from members to their ITSC representatives regarding sub-committee activities and discussions;
- joint meetings of the Security Technologies Sub-Committee and ITSC as requested by either group.
Submitting a Request
Each request to the Security Technologies Sub-Committee and/or security committees should be written in the form of a proposal which will include: requestor or requesting body; description of the request; rationale or justification; available alternatives; funding strategy; project timeline.
Proposed significant changes to an active protocol must also go through this approval process.
Requests should be specific to security systems, their expansion, modification or upgrade; changes in security systems protocols; and/or the purchase of equipment and software that integrate with security technology systems.
- Submission of Request. When requests are submitted, the Chair will acknowledge receipt and assign a protocol number.
- Initial Review. The request will be reviewed by the Chair or designee to ensure that it is complete and prepared correctly. If the initial reviewer has questions, recommendations, or concerns, the submitter will be notified by the Chair and asked to respond to the questions in writing. The request is held until a response is received.
- Formal Approval. The final submitted request is presented at a convened quorum of the full sub-committee for review and vote. The sub-committee’s decision to approve or disapprove the request is noted in the minutes; the sub-committee may approve the request pending modifications, in which case the request will be approved upon receipt of the requested modifications by the chairperson. The sub-committee may also table the request and require major modifications, in which case the request will be re-submitted for review pending receipt of the revised request.
- ITSC Review: recommendations will be passed along to the ITSC for review.
- Notification of Approval/Disapproval: The Chair will send the requestor written notification stating approval or disapproval of the request. The reasons for disapproval will be given to the requestor who may ask for a meeting of a convened quorum or resubmit a revised request.