Click here to receive your FREE subscription to Campus Technology
Features
The Rise of the CISO
4/1/2007
The 'chief information security officer' role is increasingly important for higher ed, as new cyber security challenges loom on the horizon.
THE LATE 1980s was an exciting time to be a CIO
in higher education. Computing was being decentralized
as microcomputers replaced mainframes,
networking was emerging, and the National Science
Foundation Network (NSFNET) was introducing
the concept of an “internet” to hundreds of
thousands of new users. Security wasn’t much of
an issue; the big debate on campus was whether to
regulate access to the alt.sex newsgroups. An institution’s
systems group handled IT security as an
afterthought. None of us had a “chief information
security officer”—or anything like it.
Now, two decades later, cyber security is routinely identified as the top concern of higher ed CIOs, according to the Campus Computing Project’s 2006 National Survey of Information Technology in US Higher Education. And with good reason: The CDW-G Higher Education IT Security Report Card 2006 (newsroom.cdwg.com/ features/feature-10-10-06.html) indicates that 56 percent of all higher ed institutions have experienced at least one security incident in the last year.
The CISO in Higher Ed
With the growing importance of security, it is not surprising that the responsibility for IT security has moved to senior IT management or dedicated IT security professionals. Forty percent of institutions now have a formally designated chief information security officer, up from 22 percent in 2003, according to Safeguarding the Tower: IT Security in Higher Education 2006, a study from the Educause Center for Applied Research (ECAR).
The person responsible for IT and information security (as well as related audits) may have a variety of titles: information security officer (ISO), IT security manager, or director of information security. Although common in the corporate world, the use of the functional descriptor “chief security officer” (CSO) or “chief information security officer” (CISO) is less common in higher ed. Because the term “chief security officer” is used by many companies for a position that is also responsible for physical security and the safety of employees, the term “chief information security officer” is becoming more prevalent for individuals with an exclusive cyber security focus.
At the same time, the role of the CISO is evolving from a
technologist responsible for computer systems administration,
to someone with campuswide responsibility for information
security policy, regulatory compliance, and financial
tradeoffs, as well as technically oriented computer/network
security and incident response, says Stan Gatewood, CISO
at the
Today, it's clear to almost every campus executive that moving an institution from the traditional purchasing model to a strategic eProcurement program can greatly increase staff efficiency and save the institution money. Because eProcurement automates so many purchasing processes, it eliminates reams of paperwork and allows procurement staff to refocus their efforts on cutting costs and improving strategic partnerships. Mary Jo Gorney-Moreno didn't start out in IT. She joined San Jose State University (CA) in 1981 as an assistant professor in the school of nursing. But somewhere along the way, she realized her energy was focused on academic technology, and how it could help a variety of learners gain knowledge.
Recommended Reading
