Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CISO?

From: Michael G Carr <mcarr () NEBRASKA EDU>
Date: Wed, 21 Jan 2004 16:43:49 -0600
A reorganization within the central I/T department created the budgetary
opportunity for the position but I consider the breaches to other
university systems/networks in 2003 along with federal legislation (i.e.
HIPAA, GLBA) and external auditor recommendations as the 'watershed'
events.

Michael G. Carr, Esq., CISSP
CSN Information Security Officer
University of Nebraska
mcarr () nebraska edu

The University of Nebraska
We've always been pioneers. It's the frontiers that have changed.





"Rodrigues, Philip" <phil.rodrigues () UCONN EDU>
Sent by: The EDUCAUSE Security Discussion Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU>
01/21/2004 03:57 PM
Please respond to
The EDUCAUSE Security Discussion Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU>


To
SECURITY () LISTSERV EDUCAUSE EDU
cc

Subject
[SECURITY] CISO?






Hi all,

I am a Network Security Analyst - you know, a low-level technical grunt.
:-)  The management structure above me is a little fuzzy, but the longer
I work here the more apparent one thing becomes:

We do not have a senior management-level Information Security position.
(And no, I am not looking for a position to be promoted into!)

For those of you who do have a CISO position on your campus, how did you
go about getting the position created?  Was there a watershed event or
was it just a natural evolution?  Have you had a CISO for a while now or
was it just recently you saw a need for one?

For those of you without a CISO-type position on your campus, do you
think you need one?  Do you plan on creating one?  Does your technical
staff fill that role, or has senior IT management assumed those
responsibilities?

Sorry if my questions are a little fuzzy - this is hardly a scientific
survey.  I am trying to figure out how to communicate what I see as a
need here to senior University administration, and I always like to see
if someone else has tackled this first.

Thanks in advance for any advice!

Phil
--

=======================================
Philip A. Rodrigues
Network Analyst, UITS
University of Connecticut

email: phil.rodrigues () uconn edu
phone: 860.486.3743
fax: 860.486.6580
web: http://www.security.uconn.edu
=======================================

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.


**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
Previous By Date Next
Previous By Thread Next

Current thread: