
Information Security Program Council

  • Organization


    Security Program activities will be divided into those of the Information Security Program Council (ISPC) and ISPC Working Groups.

    The Information Security Program Council (ISPC) has been identified and authorized by senior leadership to implement the Program and publish related policy, procedure and standards. This broad-based group represents stakeholders for business, academic, and instructional activities for the campus. It also includes the chairs of each established working group.

    The ISPC acts to set information security program priorities, responds to input from the working groups, helps to assure appropriate allocation of resources, and acts to formally adopt policies and procedures. In addition to working group team leads, it consists of a core group of senior leaders and others who have a vested interest in assuring the success of the information security program.

    The Information Security Program Council (ISPC) actively assesses risks, threats, and mechanisms for responding to the threats to form a comprehensive information security program.

    The Information Security Program Council may, in turn, establish domain-specific working groups as necessary and coordinate their activities; these working groups will be established as either Standing or Ad Hoc. Working groups consist of persons with expertise in information security and/or University business, persons representing areas having considerable information assets, and persons with knowledge and/or authority of key information technology infrastructure components.

  • Roles


    Senior Leadership. The university’s employee(s) with the duties, authority and ultimate responsibility to oversee the Information Security Program’s implementation referred to in Policy P300.

    An Information Security Program Council Member. A person with named responsibility and area of expertise participating in the Information Security Program Council. Some people may be formal members yet only participate when needed; some may participate on more than one ISPC domain specific working group; and some may not be university employees. The DoIT Information Security Department and ISPC Working Group Chair(s) will be permanent members of the ISPC.

    An Information Security Working Group (ISWG) Member. A person with named responsibility and area of expertise participating in an Information Security Working Group (Working Group). Some people may be formal members yet only participate when needed; some may participate on more than one ISPC domain specific working group; and some may not be university employees.

    Information Security Officer. An Information Security Program Council member authorized to manage the Program for a domain of the university.

    Security Administrator. A person with named responsibility in an area of expertise and/or operations with significant effect on the university’s security posture. Some Security Administrators may be ISPC members or Working Group members. Those that are not Members still have the duty and right to present issues and alerts to the Information Security Program. They participate as needed in Program functions, such as presentation of information and issues, investigating, studying, and reporting.

    Information Security Working Group Chair. A Working Group Member that leads, organizes, facilitates, etc., a domain-specific working group. All Working Group chairs are members of the Information Security Program Council.

  • Governance Chart


    ISPC Governance Chart

  • Members


    Senior Executives
    Name | Title
    Charlie McMahon | Senior Vice President, Information Technology & CIO
    Lyle Gomes | Vice President for Finance and Chief Budget Officer

    Information Security Officers
    Name | Title | Supervisor | Domain
    Matthew Nappi (ISPC Chair) | AVP & Chief Information Security Officer | Charlie McMahon | Stony Brook University business functions, especially all engaged in "Sensitive Information," as defined in the university's policy.
    Andrew Hoffman (ISPC Chair) | Associate CISO & HIPAA Security Officer | Gerald Kelly, Matthew Nappi | Stony Brook Medicine business functions, especially all engaged in “Sensitive Information,” as defined in the university’s policy.

    Working Group Chairs
    Name | Working Group
    Larry Zacarese | Incident Response Working Group
    John Gianmugnai | Security Training and Awareness
    Jeff Mackey | Business Compliance

    EDUsec and MEDsec Individual Members
    Group | Members
    EDUsec | Victor Montanez (DoIT); Ken Myung (DoIT); Jim Gonzales (DoIT); David Cyrille (DoIT); Henry Joseph (DoIT); Diana Voss (DoIT)
    MEDsec | Daniel Scott (ELIH); Mike Gillen (SBSH); Angela Demmer (Veteran's Home); Kevin Kenny (SBMIT); John Hennessey (SBMIT); Dennis Gallagher (SBMIT)

    DoIT Information Security
    Name
    Eric Johnfelt
    Mark Velazquez
    Sean Burrowes
    Sanjay Kapur

    Other
    Name | Title
    Jennifer Sinatra | Senior Manager & Ethics Officer, State Payroll & Employee Records
    Michael Mooney | Senior Associate Registrar
    Diane Bello | University Registrar
    Marrisa Trachtenberg | Assistant to the President for Policy, Compliance and Presidential Initiatives
    Douglas Panico | Assistant Vice President, Audit & Management Advisory Services
    Stephanie Mantione-Musso | Chief Privacy Officer (SBM)
    Braden Hosch | AVP for Office of Institutional Research, Planning and Effectiveness