Columbia University Information Security Office (CISO)

The Columbia University Information Security Office (CISO) defines and implements University-wide policies, procedures, standards, and functions spanning across , IT Governance, Network Security, Application Security, and Identity & Access Management. The CISO also promotes campus wide security awareness and culture (through participation in technology deployments, trainings, presentations, meetings, and communications with various stakeholders)


The Columbia University Information Security Office consists of four groups:

Network Security

The Network Security Group monitors network for signs of compromised systems, investigates security violations, and acts as a liaison with law enforcement, General Counsel, and Deans.

IT Policies & Risk Assessment

IT Policies & Risk Assessment manages security policies, standards, and guidelines. They also manage the security awareness program.

Identity & Access Management

IAM manages login services, user account provisioning, user entitlement and privileges. IAM also supports the physical security system (i.e., Lenel).

Application Security

Application Security manages security and access to the HR system (PAC) and mainframe systems.



What is information security? Why is it important? What do I need to know and do? 

IT Security Training 101

IT Security Handout


How can I keep my information secure? How can I do my part for the greater Information Security of the University?

First Steps to Secure Your Computer


Information security is everyone’s concern and you must read, understand, and comply with Columbia University’s policies.

University IT Policies