Every CSU campus is required to have an
Information Security Officer and staff to comply with a set of standard Information Security policies and practices.
The Virtual Information Security Center (VISC)
provides a set of Information Security services for participating
campuses that are typically provided by the campus’ Information
Security Office and staff, including information security risk
management, incident management, standards/procedures development,
monitoring, and information security product evaluation.
The VISC focuses primarily on security services that are
common to all campuses and can be effectively delivered “virtually.”
The VISC is a virtual organization comprised of staff
resident on multiple CSU campuses that operate under a uniform
governance and management structure.
Operations of the VISC are overseen by a qualified
Information Security Officer (ISO).
The VISC priorities, operational plans and service levels are
approved by a governance group comprised of the CIOs of the
The VISC benefits campuses in several ways.
For those currently fully staffed with information security
professionals who provide a full range of services to their campus,
the VISC provides an opportunity to reduce costs by leveraging the
economies of scale of the Center.
For campuses not able to offer the full complement of
required security services (due to budget or staffing constraints),
the VISC provides a more cost effective means to close the gap
between required and offered services.
Long-term, the VISC offers the CSU a way to curtail the
growth of information security costs (assuming a fairly constant
regulatory and risk environment) by pooling expertise and leveraging
technology to perform tasks common to all campuses.
The goal of the VISC is to accommodate as many
campuses as are interested in participating.