Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Justification

From: Tim Howard <Timothy_G_Howard () RAYTHEON COM>
Date: Tue, 19 Apr 2005 00:25:04 -0400

Try using the Sarbanes-Oxley requirements for keeping C-levels out of
trouble, most of the board members probably have a business background and
may be able to relate.  Also, there is a federal law regarding the privacy
of education information (I cant remember off the top of my head), so your
efforts are to keep the Superintendent of Schools out of trouble.  As a
K-12 parent and an InfoSec professional, I cringe at the thought of what is
happening "in the wild" with information that is not being well-protected
at schools.
tim



Raytheon
Tim Howard
Information Security Manager
Information Technology & Scientific Services (ITSS)
Raytheon Technical Services Company, LLC
301.883.4104 office 301.883.4136 fax
301.943.4732 cell timothy_g_howard () raytheon com


                                                                           
             "Alt, Brandon C."                                             
             <altb@EDUCATIONCE                                             
             NTRAL.ORG>                                                 To 
             Sent by: The              SECURITY () LISTSERV EDUCAUSE EDU      
             EDUCAUSE Security                                          cc 
             Discussion Group                                              
             Listserv                                              Subject 
             <SECURITY@LISTSER         [SECURITY] Justification            
             V.EDUCAUSE.EDU>                                               
                                                                           
                                                                           
             04/18/2005 02:48                                              
             PM                                                            
                                                                           
                                                                           
             Please respond to                                             
               The EDUCAUSE                                                
                 Security                                                  
             Discussion Group                                              
                 Listserv                                                  
             <SECURITY@LISTSER                                             
              V.EDUCAUSE.EDU>                                              
                                                                           
                                                                           




Sorry for the crossposting, but I think I can get some valuable input from
both lists.

I realize that I’m not in the higher education bracket, however, my
district (K-12) is coming under budget wars and I’m trying to gather my
information for the justification of our (small) security group. Currently
we have about 165,000 users (teachers, staff, and students) and our
security group consists of 2 techs and myself. We support 168 locations
(schools and admin buildings). We have federal regulations (COPPA, HIPPA,
FISMA, etc) that we must maintain compliance with. Anyone able to help me
with providing a justification for our existence to a very
non-technological school board? Any help will be GREATLY appreciated.

Thanks to all.

Brandon Alt
Information Security Manager
Technology Division
Duval County Public Schools
altb () educationcentral org
(904) 348-7259



********** Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
http://www.educause.edu/groups/.
Previous By Date Next
Previous By Thread Next

Current thread: