Educause Security Discussion mailing list archives
Re: CISO?
From: Michael G Carr <mcarr () NEBRASKA EDU>
Date: Wed, 21 Jan 2004 16:43:49 -0600
A reorganization within the central I/T department created the budgetary opportunity for the position but I consider the breaches to other university systems/networks in 2003 along with federal legislation (i.e. HIPAA, GLBA) and external auditor recommendations as the 'watershed' events. Michael G. Carr, Esq., CISSP CSN Information Security Officer University of Nebraska mcarr () nebraska edu The University of Nebraska We've always been pioneers. It's the frontiers that have changed. "Rodrigues, Philip" <phil.rodrigues () UCONN EDU> Sent by: The EDUCAUSE Security Discussion Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> 01/21/2004 03:57 PM Please respond to The EDUCAUSE Security Discussion Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> To SECURITY () LISTSERV EDUCAUSE EDU cc Subject [SECURITY] CISO? Hi all, I am a Network Security Analyst - you know, a low-level technical grunt. :-) The management structure above me is a little fuzzy, but the longer I work here the more apparent one thing becomes: We do not have a senior management-level Information Security position. (And no, I am not looking for a position to be promoted into!) For those of you who do have a CISO position on your campus, how did you go about getting the position created? Was there a watershed event or was it just a natural evolution? Have you had a CISO for a while now or was it just recently you saw a need for one? For those of you without a CISO-type position on your campus, do you think you need one? Do you plan on creating one? Does your technical staff fill that role, or has senior IT management assumed those responsibilities? Sorry if my questions are a little fuzzy - this is hardly a scientific survey. I am trying to figure out how to communicate what I see as a need here to senior University administration, and I always like to see if someone else has tackled this first. Thanks in advance for any advice! Phil -- ======================================= Philip A. Rodrigues Network Analyst, UITS University of Connecticut email: phil.rodrigues () uconn edu phone: 860.486.3743 fax: 860.486.6580 web: http://www.security.uconn.edu ======================================= ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.