Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: success stories

From: Allison Dolan <adolan () MIT EDU>
Date: Wed, 19 Nov 2008 14:44:36 -0500
Compliance with laws can be a major driver - state data breach law
was a motivator here.

What also helps - Working behind the scenes, lots of 1-1 engagement
in the community (even if not defined as 'key' players), incremental
steps and not trying to make the issue so big, encompassing, or scary
that it loses credibility, or asking for disproportionate funding or
level of authority - it helps to work within the culture.

Allison F. Dolan
Program Director, Personally Identifiable Information
Massachusetts Institute of Technology
77 Massachusetts Ave  NE49-3021
Cambridge MA 02139-4307
Phone: (617) 252-1461
http://mit.edu/infoprotect



On Nov 19, 2008, at 2:21 PM, Kathy Bergsma wrote:


I'm interested in hearing about your success stories engaging senior
management support for security initiatives.  What methods worked
at your institution?  I've suggested some methods below.  Let me
know which ones have worked for you and identify others ideas not
listed.

Fear, uncertainty and doubt
Metaphors and analogies
Comparison with peer institutions
Financial benefits such as ROI (return on investment)
Leverage an incident
Metrics
Working behind the scenes
Ask forgiveness rather than permission
Little by little baby steps
Relationship building with key players?  Who are the key players
Other ideas

--
Kathy Bergsma
UF Information Security Manager
352-392-2061
Previous By Date Next
Previous By Thread Next

Current thread: