Educause Security Discussion mailing list archives
Re: Mtgs with people outside of IT?
From: Felecia Vlahos <fvlahos () COX NET>
Date: Wed, 12 May 2010 12:36:51 -0700
Current issues we are discussing (with the folks you mentioned, as well as Business Services department, Physical Plant, and Police Department): - Review and feedback of your Information Security Plan (or updates to it) - Procedures/contracts for surplusing equipment (especially copiers right now) - PCI compliance (if fiscal year end need to check vendor PCI compliance, manage risks in new contracts, review new systems) - Red Flag rules program and implementation (deadline June 2010) - Faculty retention of student records (what should be retained and for how long - balancing eDiscovery with security and operations) - Physical security issues (RFID tagging procedures - balancing easy access for campus without broadcasting for thieves, etching/securing equipment) - Current vulnerability affecting their standard software (e.g. java and adobe) and testing for compatibility - Disaster recovery/business continuity procedures (do they have manual procedures for when systems/networks are down? What are priorities and timelines for recovery?) Encourage them to bring an IT staff representative to meeting to assist with discussions that may get more technical than their scope. Thanks, Felecia Vlahos Information Security Officer San Diego State University ---- "Raymond wrote:
Hi all! I am the chair of a monthly meeting where we meet with other administrative staff from finance, the Registrar's office, accounting, payroll, hr, the internal auditor, etc. It's supposed to be a committee in which to discuss IT security topics with people outside of IT. I've been doing this for a year now and find myself at a loss for what to discuss in the meeting and how to make it beneficial and worthwhile for those in attendance. Do you hold these types of meetings, and if so, what agenda items are discussed? We've discussed: Data Retention Handling of Sensitive Information The creation of online courses for students, faculty, and staff Physical Security How to best communicate with students Any insight will be appreciated! Jessica L. Behunin, CISSP (r) (formerly Raymond) Information Security Analyst Information Technology Department University of Northern Colorado Campus Box 19 Carter Hall 14, Office 0009b Greeley, CO 80639 Office: 970-351-1420 Mobile: 970-213-8928 www.unco.edu <http://www.unco.edu>
Current thread:
- Mtgs with people outside of IT? Raymond, Jessica (May 12)
- <Possible follow-ups>
- Re: Mtgs with people outside of IT? Matthew Gracie (May 12)
- Re: Mtgs with people outside of IT? Ullman, Catherine (May 12)
- Re: Mtgs with people outside of IT? Alex Jalso (May 12)
- Re: Mtgs with people outside of IT? Ben Woelk (May 12)
- Re: Mtgs with people outside of IT? Mehmedovic, Jenny (May 12)
- Re: Mtgs with people outside of IT? Valdis Kletnieks (May 12)
- Re: Mtgs with people outside of IT? Barbara Torney (May 12)
- Re: Mtgs with people outside of IT? Felecia Vlahos (May 12)