This project sought to define our desired future state and create an information security strategy and roadmap for the next 10 years. The project was completed in July 2022.
The Information Security Strategy project's Design Team has created and reviewed a multi-year strategic roadmap. It includes an updated mission and vision, as well as recommendations on organizational design to support the future program.
Mission and Vision
- Mission: The mission of West Virginia University's information security program is to advance and empower the University’s teaching, learning, research and service pursuits by safeguarding its information assets from threats and ensuring the confidentiality, integrity, and availability of its systems and data.
- Vision: To support and catalyze West Virginia University’s vision of advancing knowledge and bringing valued solutions to real-life problems in the areas of education, healthcare and prosperity, the institution’s information security program will become a strategic asset that anticipates the future of information security, balances security requirements with the need to innovate and experiment and promotes education and awareness for information security to advance a culture of shared responsibility across the university's diverse community.
- One Unified Information Security Program: Align to a single information security program that ensures consistency, scalability and efficient use of resources, while recognizing the need to support teaching, learning and research.
- Shared Responsibility: Enable all University stakeholders to build a culture of information security by increasing awareness and offering education.
- Ensure Security, Prioritize Usability: Implement security controls based on risk and avoid controls that introduce unnecessary complexity or do not add value.
- Continuous Improvement: Continuously measure program effectiveness for opportunities to improve, cultivate security excellence and anticipate the future.
- Minimize the Attack Surface: Reduce redundant services that expand attack surface, introduce complexity or reduce efficiencies.
- Regulatory Compliance: Comply with federal, state and local laws and any contracts, agreements or University policies that require WVU to deploy security safeguards, and do so in a cost-effective manner.
- Align current information security activities into a unified security program that supports WVU's overall mission.
- Develop a culture of information security.
- Implement a risk-based strategy.
- Improve resilience capabilities and business continuity planning for WVU's information assets.
- Enhance information security support for research.
- Strengthen security fundamentals.
- Improve Identity and Access Management.
Senior management will prioritize options within the roadmap to determine when to launch initiatives that will continue to drive WVU’s Information Security program forward.