Educause Security Discussion mailing list archives
Re: Reporting Structure
From: Rodney Petersen <rpetersen () EDUCAUSE EDU>
Date: Mon, 26 Apr 2004 08:00:41 -0600
There was a similar discussion under the subject heading "CISO?" in January. Below is some information that I posted at the time that is relevant to your questions. In short, most of your questions were part of the ECAR survey (http://www.educause.edu/asp/doclib/abstract.asp?ID=ERS0305) conducted in April 2003 and issued in October 2003. Rodney Petersen Security Task Force Coordinator, EDUCAUSE -The EDUCAUSE Center for Applied Research security report revealed the following: 22.4% institutions of higher education have a chief IT security officer or equivalent; 90% of CSO's work at doctoral extensive or intensive institutions; 95 percent of the IT security officers report to a senior administrator in the IT office, including 50 percent who report to the CIO; respondents were asked when their institution created the IT security officer position and there is a clear, steady pattern of growth beginning in 1994; Director of Networking had day-to-day responsibility for security at over 30% of the institutions -The EDUCAUSE Center for Applied Research is considering a follow-up study to its recent Security Report or including longitudinal questions in an upcoming data networking study -There is a collection of IT Security Officer job descriptions at http://www.educause.edu/asp/doclib/detail_docs.asp?Detail_ID=6 -In a recent article, "Planning for Improved Security", by Mark Bruhn & myself published in EDUCAUSE Review (November/December 2003) (http://www.educause.edu/pub/er/erm03/erm036_articles.asp?id=10), we describe the importance of strategy and planning to the development of an information security program. We also provide examples from three institutions where in two of those cases the "planning" process resulted in the establishment of the position of an IT security officer -The recent book, Computer and Network Security in Higher Education (http://www.educause.edu/asp/doclib/abstract.asp?ID=PUB7008), contains a chapter written by Jeff Recor on "Organizing for Improved Security". The chapter desribes creating a security plan of action, obtaining support for the plan, establishing security leadership (which describes the private-sectors movement towards positions of Chief Security Officer), and an array of security job titles assigned to specific functions. Rodney Petersen Security Task Force Coordinator, EDUCAUSE -----Original Message----- From: King, Dennis C. [mailto:dck22 () ALFRED EDU] Sent: Friday, April 23, 2004 3:38 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Reporting Structure I searched the archives and couldn't find any threads on this topic. I have been requested to survey the list members regarding the reporting structure on their campus as it pertains to the Information Security Officer or equivalent. I would be interested in the following information (which if provided to me off-list, I will summarize for the list): 1. Position Title 2. Number of Direct Reports (if any) 3. Who you report to 4. Size of your school 5. Length of time position has existed. 6. Anything else you feel may be relevant Thanks, Dennis Dennis C King Information Security Officer Alfred University McMahon 247 , Alfred, NY 14802 email: dck22 () alfred edu - phone: 607.871.2379 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Reporting Structure King, Dennis C. (Apr 23)
- <Possible follow-ups>
- Re: Reporting Structure Steve Schuster (Apr 23)
- Re: Reporting Structure Craig Blaha (Apr 25)
- Re: Reporting Structure Christopher Cramer (Apr 25)
- Re: Reporting Structure Rodney Petersen (Apr 26)
- Re: Reporting Structure King, Dennis C. (May 06)