Re: Centralized vs. Decentralized IT

[Greg Schaffer <schaffer () MTSU EDU>]

I'd say it depends on how your organization is structured.  If you have
strong central policies, then applying those policies in a decentralized
organization, particularly security policies, would be difficult, IMHO.  I
think some amount of decentralization is fine up to a point, and again that
point is largely defined (explicitly or implicitly) by the policies the
university has in place.



Greg



From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Sarazen, Daniel
Sent: Thursday, August 07, 2008 2:28 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Centralized vs. Decentralized IT



Hi All,



Do you have any leanings between Centralized IT networks (Main IT group
responsible for IT services); vs. decentralized IT networks (Each department
is responsible for their own apps, servers and security (Intrusion
detection/prevention) with their own IT staff? Has anyone looked at their
campus and formed an opinion on the IT governance configuration?



Any feedback you can provide is appreciated.



Thanks,






:: Daniel Sarazen, CISA, Information Technology Auditor
:: University Internal Audit
:: University of Massachusetts President's Office


:: 508-856-2443

:: 781-724-3377 Cell
:: 508-856-8824 Fax
:: Dsarazen () umassp edu


University of Massachusetts : 333 South St. : Suite 450 : Shrewsbury, MA
01545 :  <http://www.massachusetts.edu/> www.massachusetts.edu