Skip to main content
Penn Information Systems & Computing Systems Home

Search form

System Status
  • Get Started
    • IT Staff
    • Faculty
    • Staff
    • Students
    • Alumni & Guests
    • ISC Staff
  • Services
    • — Services A to Z —
    • Accounts, Access & Security
      • Access Management Services
      • Active Directory
      • Identity Management Services
      • Information Security Services
    • Applications & Data Analytics
      • Application Development & Delivery
      • Data Analytics
        • Data Analytics at Penn
      • Integration Development & Delivery
    • Backup, Storage & Platforms
      • BackItUp
      • Cloud Solutions
      • Data Center & Colocation Solutions
      • Database & Application Platform Support & Consulting
      • Endpoint Management
      • Recovery Solutions
      • Storage
      • Virtual Desktop
      • Virtual Server Hosting
    • Community, Support & Learning
      • Classroom Technology Services
      • Desktop Engineering
      • IT Community Events
      • LinkedIn Learning
      • Tech Center
    • Consulting & Professional Services
      • Brokered Products
      • HireIT
      • Systems Support & Consulting
      • Technology Forecasting
    • Email, Calendaring & Collaboration
      • Classlists
      • Penn Email Routing
      • PennBox
      • PennNet Mailing Lists
      • PennO365
      • PennZoom
      • SMTP-Relay
      • Secure Share
    • Networks & Connectivity
      • Firewall Services
      • Network Design & Installation
      • PennNet
        • Network Names & Numbers
        • MAGPI (Penn's Internet2 Regional Optical Network)
      • PennNet Ethernet Ports
      • Wireless at Penn
    • Phone, TV & Video
      • Broadcasting Studio
      • Contact Center
      • Live Video Streaming
      • Penn Video Network
      • PennFlex Phone
      • PennNet Phone
      • Traditional Telephony
      • Video Content Management
      • Video Production
        • Producing Video Content
    • Web Hosting
      • Web Services
    • — Service Rates —
    • — Service Level Agreements —
  • Security
    • Office of Information Security
    • Security Services
    • Special Projects
    • Policies & Procedures
    • Training & Awareness
  • Collaborations
    • Computing Policies
    • Engaging Penn’s IT Community
    • Identity & Access Management
    • Penn IT Strategic Plan
    • Cloud First
    • Next Generation Unified Communications
    • Penn Bot
    • IT Advisory Groups
      • Common Solutions
      • IT Roundtable
      • Network Policy Committee
      • Penn Technology Investment Committee (PTIC)
        • About PTIC
        • The PTIC IT Development Fund
    • Special Interest Groups (SIGs)
      • Audio-Visual (AV-SIG)
      • Cloud Computing (Cloud-SIG)
      • Data Visualization (DataViz-SIG)
      • Developer SIG (Dev-SIG)
      • High-Performance Computing (HPC-SIG)
      • Instructional Technology SIG
      • Linux SIG
      • Macintosh Networking Group (MacNet)
      • Mobile Technologies (Mobile-SIG)
      • O365 Special Interest Group
      • PC Networking Group (PC-Net)
      • Project Partners SIG
      • Security SIG
      • Social Media SIG
      • Splunk Special Interest Group
      • Super User Group (SUG)
      • Web SIG
    • Technology Services Strategy Review Board
  • News
  • Events
  • About
    • Overview
    • Leadership & Groups
    • Purpose & Values
    • Strategic Goals
    • Recognition
    • Staff Profiles
    • Tech Jobs @ Penn
    • Contact Us
  • Hot Topics
  • Get IT Help
    • Help for Students
    • Help for Faculty & Staff
    • Help for Alumni
    • Help for Guests & Others
    • Resources for IT Staff

You are here

Home » Security Liaisons Roles & Responsibilities

Security Liaisons Roles & Responsibilities


Introduction

Each of Penn's Schools and Centers must have a designated Security Liaison who works both inside the organization and with ISC's Information Security Office to strengthen Penn's security layers and to identify and address risks and opportunities for the security of Penn Systems and data. The goals of this initiative are to raise security knowledge in those responsible for security initiatives, broaden awareness of security practices across organizations, provide a designated local security point of contact of Penn-wide and School or Center-based initiatives, and to ensure compliance with University information security policies and procedures. Active participation in the Security Liaison Council is expected.

Roles and Responsibilities of Security Liaisons

  1. Be knowledgeable of Major Security Issues, Policies, and Programs at Penn Including:
    • Familiarity with Penn's information security policies, procedures, publications, initiatives, and other resources located on Penn's Information Security homepage -- www.isc.upenn.edu/security/overview
    • Understanding of Penn's legal and regulatory obligations regarding information security
  2. Actively Promote Security Awareness in School or Center
    • Establish and maintain a security awareness program specific to individual school or centers leveraging both University-wide pertinent policies, publications, and tools, as well as incorporating knowledge of specific school/center risks gained from tools, such as SPIA. Examples of types of communications that can be used include:
      • Almanac "One Step Ahead" Privacy and Security Tips. These tips may be copied for use in newsletters, on websites, on posters, and via other media. Or they can be linked to from your websites.
      • Brochure: Guide to Information Security & Privacy are available from the Information Security Office. Consider the quantity and placement of such brochures appropriate to your School or Center.
      • Information Security Training classes are taught at least annually and frequently more often.
    • Assess the need for additional information security training, written guidance, and other tools that can be provided through the Information Security Office or through University-wide best practices.
    • Be proactive in promoting Security Initiatives in the school or center whether new or existing. Current examples include:
      • Social Security Number Policy
      • Security and Privacy Impact Assessment ("SPIA") Program
      • E-Discovery Policy
    • Serve as Proactive Security Champion in School or Center
      • Act as an advocate for information security on a proactive basis with respect to School- and Center-based initiatives and programs.
  3. Serve as Contact Person in Case of Security Incident
    • Serve as a contact person in the School or Center in case of an information security incident; assist in gathering and appropriately distributing information regarding the incident and developing a response, working closely with ISC Information Security, for the appropriate senior leadership in the school or center and/or other appropriate personnel.
    • Maintain the confidentiality of information and situations concerning Penn security incidents whether restricted to the individual school/center or whether other Schools/Centers may be affected.
  4. Actively participate with other Security Liaisons in an on-going Security Liaisons Council
    • Share, as appropriate, problems, concerns, and best practices with other Security Liaisons
    • Learn from the Office of General Counsel and Division of Public Safety and ISC Security Office about how to best coordinate information security activities internally and potential with external agencies

Visit ISC on LinkedIn

Print
InfoSec Home
Resources
  • InfoSec Policies & Procedures
  • Information Security Services
  • ISC Client Care
  • ISC Training & Awareness
  • SPIA
  • V-STAR
Contact InfoSec
  • Computing Policies
  • Tech Jobs @ Penn
System Status

© 2023 THE UNIVERSITY OF PENNSYLVANIA — 3401 Walnut Street, Philadelphia, PA 19104 — Report accessibility issues and get help — For ISC Staff