CISO Advisory Council
Purpose
The CISO Advisory Council (CISOAC) provides guidance to the Chief Information Security Officer (CISO) as part of maintaining a business-driven, risk-informed Information Security Program (ISP) at Carnegie Mellon University.
Scope
Review campus-wide information security initiatives and provide insight and advice to the CISO.
Structure
The CISOAC is composed of university thought leaders with subject matter expertise spanning information security, information technology, privacy, and policy and compliance.
Membership Expectations
- Attend and participate in Bi-annual meetings
- Provide candid feedback on operational practices, document drafts, and ad hoc requests for comment
- Provide pointers to resources and opportunities for collaboration with other internal or external experts on relevant initiatives
- Invitation only, no delegates may be sent on members behalf
- Participation is by request and mutual agreement of the CISO and invitee, with membership rotation using 2-4 year appointments