Information Security Duties and Working Directive
Information Security Unit
The Information Security Unit is responsible for ensuring the protection of the university’s information assets in line with the principles of confidentiality, integrity, and availability, managing cybersecurity risks, and increasing institutional information security awareness. Within this scope, its duties and authorities are listed below:
- To classify institutional information according to criticality and sensitivity levels and ensure information security.
- To implement the Information Security and Communication Guide (ISCG) roadmap, carry out ISCG audit activities, and report the results.
- To create, keep up to date, and supervise the implementation of policies and procedures such as the Information Security Policy, Information Systems General Usage Policy, Physical Security Policy, and Personnel Security Policy in accordance with ISO 27001 requirements.
- To take necessary measures for findings identified during information technology audits conducted by audit institutions.
- To ensure the remediation of security vulnerabilities reported by USOM, the SOME Communication Platform (SIP), and the Presidential Digital Transformation Office.
- To carry out necessary activities to ensure emergency management and business continuity.
- To prepare, manage, and supervise backup, recovery, business continuity, and disaster recovery plans.
- To audit information technology processes and the software life cycle from a cybersecurity perspective.
- To prepare Information Security Awareness training materials, share them with users, and conduct activities to increase awareness levels.
- To perform other duties assigned within the framework of applicable legislation and relevant directives.
