The primary goal of William & Mary's Information Security program is to protect the information assets supporting the university's primary business functions. The program is aligned with the ISO/IEC Information Security Standard (ISO 27002:2013) and has the following objectives:
- Identify, assess, and treat information security risks.
- Develop and communicate information security policies, standards, and guidelines.
- Promote an effective information security awareness and training program commensurate with the needs of the university.
- Secure W&M's information assets including hardware, software, data, and infrastructure.
- Provide identity management services for W&M's information systems.
- Maintain an Information Technology disaster recovery plan that meets the recovery time objectives set forth in the university COOPs.
- Manage and respond effectively to information security incidents.
Support W&M compliance efforts related to IT and Information Security.
Information Security is Everyone's Responsibility!