Educause Security Discussion mailing list archives
Re: success stories
From: Suresh Balakrishnan <suresh () USMD EDU>
Date: Thu, 20 Nov 2008 16:50:54 -0500
The USM is required to have guidelines that are compatible with State IT security policies and, as a result, the USM IT security officers developed a comprehensive set of guidelines that address risk management, security policy, access controls, network security, nonpublic information, encryption, and other areas. These guidelines were vetted with the State legislative auditors and are periodically updated to align with revisions to the State IT Security Policy. All USM institutions are required to report on the status of implementation of these guidelines annually and some of the institutional security officers have taken advantage of this reporting process to engage senior management. Suresh =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Suresh Balakrishnan Asst. Vice Chancellor and Deputy CIO University System of Maryland Voice: (301) 445-2783 Room 1B Cell:: (301) 922-0531 3300 Metzerott Road Fax: (301) 445-1918 Adelphi, MD 20783 E-mail: suresh () usmd edu =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= ----- Original Message ----- From: "Lazor, Joseph" <JLazor () ADMIN FSU EDU> To: <SECURITY () LISTSERV EDUCAUSE EDU> Sent: Thursday, November 20, 2008 8:41 AM Subject: Re: [SECURITY] success stories Development, adoption, deployment, and compliance monitoring of an IT Security Governance Industry Standard such as ISO 17799. Concurrent with this -- Enterprise ITSEC Strategy (ITSEC is a risk management issue not a technical one!), enabling programs, federated compliance monitoring tools, and performance metrics. Suggested approach includes: 1. Articulate and approve an overall security strategy. 2. Develop a security technical architecture to support the strategy. 3. Establish needed policies to support the strategy and architecture. 4. Acquire additional tools to support the architecture. 5. Establish an organizational structure to deploy the tools and monitor policy adherence. 6. Establish a management reporting mechanism to inform unit and executive management about unit adherence to the strategy and policies as well as to compromised systems. 7. Prioritize activities into implementation phases. 8. Communicate the overall security program to the campus community. -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kathy Bergsma Sent: Wednesday, November 19, 2008 2:22 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] success stories I'm interested in hearing about your success stories engaging senior management support for security initiatives. What methods worked at your institution? I've suggested some methods below. Let me know which ones have worked for you and identify others ideas not listed. Fear, uncertainty and doubt Metaphors and analogies Comparison with peer institutions Financial benefits such as ROI (return on investment) Leverage an incident Metrics Working behind the scenes Ask forgiveness rather than permission Little by little baby steps Relationship building with key players? Who are the key players Other ideas -- Kathy Bergsma UF Information Security Manager 352-392-2061
Current thread:
- Re: success stories, (continued)
- Re: success stories Wayne Samardzich (Nov 19)
- Re: success stories Ardoth Hassler (Nov 19)
- Re: success stories Steve Brukbacher (Nov 19)
- Re: success stories Emilio Valente (Nov 19)
- Re: success stories Allison Dolan (Nov 19)
- Re: success stories Brenda B Gombosky (Nov 19)
- Re: success stories Bob Bayn (Nov 19)
- Re: success stories Lazor, Joseph (Nov 20)
- Re: success stories Doug Markiewicz (Nov 20)
- Re: success stories Steve Schuster (Nov 20)
- Re: success stories Suresh Balakrishnan (Nov 20)
- Re: success stories Brian T Nichols (Nov 20)
- Re: success stories Colleen Hurd (Nov 21)