Educause Security Discussion mailing list archives

Re: Campus Security Governance Structures?


From: "Mclaughlin, Kevin (mclaugkl)" <mclaugkl () UCMAIL UC EDU>
Date: Wed, 9 Apr 2008 14:54:49 -0400

Hi Martin:
What is your email address or phone number?  I can't determine them from the
thread.  My gut tells me that people have a governance structure but the
complexity and details surrounding such would be a fairly lengthy and
time-consuming item to put into a listserv email response (or at least that's
where I'm at with your question).

-Kevin
 

Kevin L. McLaughlin
CISM, CISSP, GIAC-GSLC, PMP, ITIL Master Certified
Director, Information Security
University of Cincinnati
513-556-9177 (w)
513-703-3211 (m)
513-558-ISEC (department)

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Martin Manjak
Sent: Wednesday, April 09, 2008 2:27 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Campus Security Governance Structures?

Looks like I have to answer my own query.

The lack of response to this question is intriguing. Does it mean that 
most institutions don't have some form of governance when it comes to 
information security?

If that's the case, how are decisions made that affect the institution's 
security posture? How are assets ranked and vulnerabilities prioritized? 
How is risk assessment performed? Who decides what investments are made 
into what technologies and controls?

It seems to me that if you get governance right, many other things fall 
into place because you get institutional recognition of risk and 
endorsement of mitigation strategies.
M-


Martin Manjak wrote:
I'm curious to know what kinds of governance structures and processes 
people might have in place at their various institutions when it comes 
to information security. How are institutional priorities determined, 
who decides, and how do those get promulgated to the campus?
M-


-- 
Martin Manjak
Information Security Officer
University at Albany
CISSP, GIAC GSEC-G, GCIH, GCWN
