Virtual Information Security Center
Every CSU campus is required to have an Information Security Officer and staff to comply with a set of standard Information Security policies and practices.
The Virtual Information Security Center (VISC) provides a set of Information Security services for participating campuses that are typically provided by the campus’ Information Security Office and staff, including information security risk management, incident management, standards/procedures development, monitoring, and information security product evaluation. The VISC focuses primarily on security services that are common to all campuses and can be effectively delivered “virtually.” The VISC is a virtual organization comprised of staff resident on multiple CSU campuses that operate under a uniform governance and management structure. Operations of the VISC are overseen by a qualified Information Security Officer (ISO). The VISC priorities, operational plans and service levels are approved by a governance group comprised of the CIOs of the participating campuses.
The VISC benefits campuses in several ways. For those currently fully staffed with information security professionals who provide a full range of services to their campus, the VISC provides an opportunity to reduce costs by leveraging the economies of scale of the Center. For campuses not able to offer the full complement of required security services (due to budget or staffing constraints), the VISC provides a more cost effective means to close the gap between required and offered services. Long-term, the VISC offers the CSU a way to curtail the growth of information security costs (assuming a fairly constant regulatory and risk environment) by pooling expertise and leveraging technology to perform tasks common to all campuses.
The goal of the VISC is to accommodate as many campuses as are interested in participating.