Information Security Program Council
Organization
Security Program activities will be divided into those of the Information Security Program Council (ISPC) and ISPC Working Groups.
The Information Security Program Council (ISPC) has been identified and authorized by senior leadership to implement the Program and publish related policy, procedure and standards. This broad-based group represents stakeholders for business, academic, and instructional activities for the campus. It also includes the chairs of each established working group.
The ISPC acts to set information security program priorities, responds to input from the working groups, helps to assure appropriate allocation of resources, and acts to formally adopt policies and procedures. In addition to working group team leads, it consists of a core group of senior leaders and others who have a vested interest in assuring the success of the information security program.
The Information Security Program Council (ISPC) actively assesses risks, threats, and mechanisms for responding to the threats to form a comprehensive information security program.
The Information Security Program Council may, in turn, establish domain-specific working groups as necessary and coordinate their activities; these working groups will be established as either Standing or Ad Hoc. Working groups consist of persons with expertise in information security and/or University business, persons representing areas having considerable information assets, and persons with knowledge and/or authority of key information technology infrastructure components.
Roles
Senior Leadership. The university’s employee(s) with the duties, authority and ultimate responsibility to oversee the Information Security Program’s implementation referred to in Policy P300.
An Information Security Program Council Member. A person with named responsibility and area of expertise participating in the Information Security Program Council. Some people may be formal members yet only participate when needed; some may participate on more than one ISPC domain-specific working group; and some may not be university employees. The DoIT Information Security Department and ISPC Working Group Chair(s) will be permanent members of the ISPC.
An Information Security Working Group (ISWG) Member. A person with named responsibility and area of expertise participating in an Information Security Working Group (Working Group). Some people may be formal members yet only participate when needed; some may participate on more than one ISPC domain-specific working group; and some may not be university employees.
Information Security Officer. An Information Security Program Council member authorized to manage the Program for a domain of the university.
Security Administrator. A person with named responsibility in an area of expertise and/or operations with significant effect on the university’s security posture. Some Security Administrators may be ISPC members or Working Group members. Those that are not Members still have the duty and right to present issues and alerts to the Information Security Program. They participate as needed in Program functions, such as presentation of information and issues, investigating, studying, and reporting.
Information Security Working Group Chair. A Working Group Member that leads, organizes, facilitates, etc., a domain-specific working group. All Working Group chairs are members of the Information Security Program Council.
Governance Chart
Members
Senior Executives

| Name | Title |
| --- | --- |
| Jed Shivers | Senior Vice President, Finance & Administration |
| Lyle Gomes | Vice President for Finance and Chief Budget Officer |
| Lawrence Zacarese | Vice President for Enterprise Risk Management |
| Braden Hosch | Vice President for Educational and Institutional Effectiveness |

Information Security Officers

| Name | Title | Supervisor | Domain |
| --- | --- | --- | --- |
| Matthew Nappi (ISPC Chair) | AVP & Chief Information Security Officer | Jed Shivers | Stony Brook University business functions, especially all engaged in "Sensitive Information," as defined in the university's policy. |
| Andrew Hoffman (ISPC Chair) | Associate CISO & HIPAA Security Officer | Gerald Kelly, Matthew Nappi | Stony Brook Medicine business functions, especially all engaged in “Sensitive Information,” as defined in the university’s policy. |

Working Group Chairs

| Name | Working Group |
| --- | --- |
| Susan Gasparo | Research Compliance |
| John Gianmugnai | Security Training and Awareness |
| Jeff Mackey | Business Compliance |

EDUsec and MEDsec Individual Members
EDUsec Members
Victor Montanez (DoIT)
Ken Myung (DoIT)
Jim Gonzales (DoIT)
David Cyrille (DoIT)
Henry Joseph (DoIT)
Diana Voss (DoIT)
MEDsec Members
Daniel Scott (ELIH)
Mike Gillen (SBSH)
Angela Demmer (Veteran's Home)
Kevin Kenny (SBMIT)
John Hennessey (SBMIT)
Dennis Gallagher (SBMIT)
Peter Gazsy (SBMIT)
John Hiney (SBMIT)
Stephen Fabrizio (SBMIT)
DoIT Information Security
Eric Johnfelt
Mark Velazquez
Sean Burrowes
Sanjay Kapur
John Gianmugnai
Other

| Name | Title |
| --- | --- |
| Jennifer Sinatra | Senior Manager & Ethics Officer, State Payroll & Employee Records |
| Michael Mooney | Senior Associate Registrar |
| Diane Bello | University Registrar |
| Marrisa Trachtenberg | Assistant to the President for Policy, Compliance and Presidential Initiatives |
| Douglas Panico | Assistant Vice President, Audit & Management Advisory Services |