Educause Security Discussion mailing list archives
Re: What Every President Needs To Know
From: Jim Moore <jhmfa () CIS RIT EDU>
Date: Wed, 12 Feb 2003 01:12:38 -0500
There has been apparent exponential growth in both vulnerabilities and internet related incidents over the last 5-7 years. Business models don't comprehend exponential growth of overhead. Business schools, in general, don't teach future business leaders or future presidents of universities the economics of information security. Technologists also have not been able to bridge the gap to discuss the financial dimensions of information security. [Closest is the Security Business Quarterly by @Stake] Most people look to technology to solve technological problems. Balanced security programs often focus on communication, processes, and people. [Excellent article "How to spend a security dollar" http://www.computerworld.com/securitytopics/security/story/0,10801,53651,00.html] Once you start a security program, detection of problems will improve, and the state of security will look and feel worse. Social scientists can help here, with measures to measure rate of process improvement, satisfaction with change, etc. This is a significant expense, in terms of time, resources, and money. Just my 2 cents. I am giving these messages to my executive leadership now. Jim Rodney Petersen wrote:
The recent thread concerning "CEO/Cabinet language on security issues" is a timely topic for the EDUCAUSE/Internet2 Computer and Network Security Task Force. Marty Hoag in his message alluded to a scheduled presentation from the Security Task Force to the Board of the American Council on Education (ACE). A presentation to the ACE Board, comprised of college and university presidents (see http://www.acenet.edu/about/ace_board.cfm), is scheduled for this Saturday, Februar 15th, immediately prior to the ACE Annual Meeting. As the Security Task Force prepares its remarks and refines its messages for college and university presidents, we would welcome your advice, in general, and especially your response to the following phrase: What Every President Needs To Know About Computer and Network Security Please share your ideas, case studies, anecdotes, experiences, and other words of wisdom that the Security Task Force should consider as we make the case before college and university presidents of the need for and importance of improved computer and network security for higher education. Please share your responses with the entire Discussion Group. Any input received this week will be useful as we finalize our presentation. Thanks in advance for your assistance, Rodney Petersen Security Task Force Coordinator EDUCAUSE ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.
-- Jim Moore, CISSP, IAM Information Security Officer Rochester Institute of Technology 13 Lomb Memorial Drive Rochester, NY 14623-5603 Office: 585-475-5406 Fax: 585-475-7950 PGP (jimmoore () mail rit edu): 9C33 0328 CD59 B602 82B8 8521 0B86 0DC9 963C D0C0 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.
Current thread:
- What Every President Needs To Know Rodney Petersen (Feb 10)
- <Possible follow-ups>
- Re: What Every President Needs To Know Kevin Shalla (Feb 11)
- Re: What Every President Needs To Know Tom Neiss (Feb 11)
- Re: What Every President Needs To Know Jim Moore (Feb 11)
- Re: What Every President Needs To Know Dorette Kerian (Feb 12)
- Re: What Every President Needs To Know Dick Jacobson (Feb 12)