- University of La Serena
Information Security Committee
Information Security Committee of the University of La Serena
The Information Security Committee of the University of La Serena is a transversal body, whose creation responds to the need and commitment to manage the information security of the Institution as a process of continuous improvement, which must be fulfilled within the framework of current legal and regulatory standards, based on the Chilean standard NCh ISO 27.001, the cybersecurity guidelines issued by the State of Chile and, if required, the inclusion of best practices or national and international regulations, in order to complement specific areas necessary to comply with the demands of the institutional functions. All of the above, through the execution of the activities and tasks that are necessary to establish the security levels that the Institution itself determines, in order to identify, evaluate and control the risks that could affect the confidentiality, integrity and availability of data. all its relevant information assets, as a key principle in the management of its processes.
COMMITTEE MEMBERS
Vice Chancellor for Economic and Administrative Affairs
Dr. Hector Cuevas Larenas
Director of the Strategic Development and Quality Department
Ms. Viviana Vasquez
Internal Controller
mg. Enrique Acevedo Gonzalez
HR director
Miguel Sanchez Sanchez
Director of the Center for Informatics and Computing
mg. Luis Andres Moya Baeza
Director of Services
----------
Teaching Director
-------
CFO
mg. Jose Ojeda Cossio
Lawyer Legal Advice
mg. Julio Landaeta Pastene
Network and Datacenter Coordinator CICULS
mg. Carlos Pedreros Lizama
Institutional Security Officer CICULS Operations Coordinator
Mg. Marcelo Zepeda Dubo
Features
1. Manage the Information Security Policy and supervise that the activities carried out by both the academic and administrative units in these matters are in accordance with said Policy, as it is a matter of Law.
2. Define and submit for the corresponding approval, the implementation of standards linked to the information security policy.
3. Identify, evaluate and follow up on corrective actions to solve audit observations together with reporting non-compliance to the Direct Supervisors and the Internal Comptroller.
4. Approve the methodologies and processes related to risk assessment and information security.
5. Identify significant changes that could generate risks in the processing of information.
6. Propose solutions and evaluate the suitability and coordination in the implementation of information security controls.
7. Establish means for staff awareness and training on information security issues.
8. Evaluate the information received from information security incidents, issuing recommendations for their prevention, detection and correction.
9. Recommend to the Center for Information Technology and Computing and the Office of the Vice-Rector for Economic and Administrative Affairs, regarding opportunities for improvement in the Information Security Management System (ISMS), as well as relevant incidents and their solution.
FAQs
R: Are all those relevant elements in the production, issuance, storage, communication, visualization and recovery of information of value for the institution, in which three levels are distinguished: (a) The information itself, in its multiple formats (paper, digital, text, image, audio, video, among others) (b) The equipment/systems/infrastructure that support this information (c) The people who use the information, and who have knowledge of the institutional processes