Educause Security Discussion mailing list archives

Re: Mtgs with people outside of IT?


From: Felecia Vlahos <fvlahos () COX NET>
Date: Wed, 12 May 2010 12:36:51 -0700

Current issues we are discussing (with the folks you mentioned, as well as Business Services department, Physical Plant, and Police Department):

- Review and feedback of your Information Security Plan (or updates to it)
- Procedures/contracts for surplusing equipment (especially copiers right now)
- PCI compliance (if fiscal year end need to check vendor PCI compliance, manage risks in new contracts, review new systems)
- Red Flag rules program and implementation (deadline June 2010)
- Faculty retention of student records (what should be retained and for how long - balancing eDiscovery with security and operations)
- Physical security issues (RFID tagging procedures - balancing easy access for campus without broadcasting for thieves, etching/securing equipment)
- Current vulnerability affecting their standard software (e.g. Java and Adobe) and testing for compatibility
- Disaster recovery/business continuity procedures (do they have manual procedures for when systems/networks are down? What are priorities and timelines for recovery?)

Encourage them to bring an IT staff representative to the meeting to assist with discussions that may get more technical than their scope.

Thanks,
Felecia Vlahos
Information Security Officer
San Diego State University


---- "Raymond wrote:
Hi all!  I am the chair of a monthly meeting where we meet with other
administrative staff from finance, the Registrar's office, accounting,
payroll, hr, the internal auditor, etc.  It's supposed to be a committee
in which to discuss IT security topics with people outside of IT.  I've
been doing this for a year now and find myself at a loss for what to
discuss in the meeting and how to make it beneficial and worthwhile for
those in attendance.  Do you hold these types of meetings, and if so,
what agenda items are discussed?



We've discussed:

- Data Retention
- Handling of Sensitive Information
- The creation of online courses for students, faculty, and staff
- Physical Security
- How to best communicate with students

Any insight will be appreciated!



Jessica L. Behunin, CISSP (r) (formerly Raymond)
Information Security Analyst
Information Technology Department

University of Northern Colorado
Campus Box 19
Carter Hall 14, Office 0009b
Greeley, CO 80639
Office: 970-351-1420
Mobile: 970-213-8928
www.unco.edu <http://www.unco.edu>







