4/1/2007
University of Georgia. He has addressed this broader role by implementing a five-point information security strategy based on risk management; business continuity and disaster recovery planning; policy and management compliance; incident response; and security awareness, training, and education. This comprehensive, integrated approach allows the CISO office to go beyond a computer- and network-centric view of security, and take into account overall policy, regulatory, financial, political, and social issues. This broader view better serves the institution’s mission by assuring confidentiality, integrity, and availability of the school’s information and information systems.
In the CDW-G report, respondents identified lack of funding, too few staff resources, and the higher education culture as the top three barriers to improving cyber security in higher ed. Fortunately, IT officers in the trenches are working to overcome such challenges, and as a result, dedicated security groups and institutional self-evaluation efforts have emerged in higher ed.
Shortly after assuming the position of information security manager at the University of South Carolina in 2006, Jason Richardson identified the lack of a dedicated security group as a critical problem. At the time, Richardson and several others within the networking group split their time between networking and security duties. To help convince his management of the need for a dedicated security team, Richardson conducted an informal survey of staff resources devoted to IT security at other campuses (his full results are available here). He received 40 responses in two weeks. The number of full-time staff dedicated to information security ranged from zero to 13, and though there was some correlation between institution size and the number of staff, there were numerous cases of small colleges with the same staffing as large research universities. Yet, the growing support for information security was clear. South Carolina now has a dedicated security group (consisting of Richardson and three others) that reports to the deputy CIO. They are developing a comprehensive security program based on best practices and standards such as ISO 17799 and ISO 27001.
Though higher ed’s culture of openness can be difficult to reconcile with better security, it’s not impossible, says Georgia’s Gatewood. For example, the University of Georgia has enhanced its security strategy with a program called ASSETS: Automated Security Self-Evaluation Tools, for identifying and evaluating risks to data and computers in UGA’s highly decentralized and research-oriented environment.