Information Technology systems are essential to the efficient and effective operation of the North Dakota University System. As such, CTS has a responsibility to safeguard information created, collected, or distributed within its environment and protect it from unauthorized disclosure, modification, or destruction. The degree of data and system protection is based on the nature of the information and its intended use.
To apply appropriate security safeguards, the NDUS Information Security Strategic Plan involves a multilayered approach.
Governance administers and manages the information security environment for the NDUS. The group that provides this oversite is the NDUS Information Security Council (ISC).
The foundation of the NDUS information security strategy is based on NDUS policies (1200 series), NDUS procedures, and NDUS Information Security Standards.
The Information Security Department (InfoSec), in collaboration with the NDUS Information Security Council (ISC), has identified 10 strategic initiatives aimed at protecting CTS systems and data from known cyberattack vectors. These initiatives aligned with the Center for Internet Security’s (CIS) 18 Critical Security Controls (CSC), which are a set of actions for cyber defense that provide specific and actionable ways to thwart the most pervasive attacks. InfoSec also utilizes the National Institute of Standards and Technology (NIST) Cybersecurity Framework (NCF) as the foundation for much of its security planning efforts.