Re: What Every President Needs To Know

[Jim Moore <jhmfa () CIS RIT EDU>]

There has been apparent exponential growth in both vulnerabilities and
internet related incidents over the last 5-7 years.  Business models
don't comprehend exponential growth of overhead.

Business schools, in general, don't teach future business leaders or
future presidents of universities the economics of information security.

Technologists also have not been able to bridge the gap to discuss the
financial dimensions of information security.  [Closest is the Security
Business Quarterly by @Stake]

Most people look to technology to solve technological problems.
Balanced security programs often focus on communication, processes, and
people.  [Excellent article "How to spend a security dollar"
http://www.computerworld.com/securitytopics/security/story/0,10801,53651,00.html]

Once you start a security program, detection of problems will improve,
and the state of security will look and feel worse.  Social scientists
can help here, with measures to measure rate of process improvement,
satisfaction with change, etc.

This is a significant expense, in terms of time, resources, and money.

Just my 2 cents.

I am giving these messages to my executive leadership now.

Jim



Rodney Petersen wrote:
> The recent thread concerning "CEO/Cabinet language on security issues"
> is a timely topic for the EDUCAUSE/Internet2 Computer and Network
> Security Task Force.  Marty Hoag in his message alluded to a scheduled
> presentation from the Security Task Force to the Board of the American
> Council on Education (ACE).  A presentation to the ACE Board, comprised
> of college and university presidents (see
> http://www.acenet.edu/about/ace_board.cfm), is scheduled for this
> Saturday, Februar 15th, immediately prior to the ACE Annual Meeting.
>
> As the Security Task Force prepares its remarks and refines its messages
> for college and university presidents, we would welcome your advice, in
> general, and especially your response to the following phrase:
>
> What Every President Needs To Know About Computer and Network Security
>
> Please share your ideas, case studies, anecdotes, experiences, and other
> words of wisdom that the Security Task Force should consider as we make
> the case before college and university presidents of the need for and
> importance of improved computer and network security for higher education.
>
> Please share your responses with the entire Discussion Group.  Any input
> received this week will be useful as we finalize our presentation.
>
> Thanks in advance for your assistance,
>
> Rodney Petersen
> Security Task Force Coordinator
> EDUCAUSE
>
> **********
> Participation and subscription information for this EDUCAUSE Discussion
> Group discussion list can be found at http://www.educause.edu/memdir/cg/.


--
Jim Moore, CISSP, IAM
Information Security Officer
Rochester Institute of Technology
13 Lomb Memorial Drive
Rochester, NY 14623-5603

Office: 585-475-5406
Fax:    585-475-7950

PGP (jimmoore () mail rit edu): 9C33 0328  CD59 B602 82B8  8521 0B86 0DC9
963C D0C0

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/.