Educause Security Discussion mailing list archives

Re: enterprise security reporting

From: "van der Kwast, Elijah" <elijah.vanderkwast () JCU EDU AU>
Date: Sun, 1 Nov 2015 22:16:23 +0000

Hi Alex

I use a paper based report at this time that covers a number of key topics (incidents, patching, improvements, etc.). 
Metrics have not been set as yet, however, as our data set matures we will be able to benchmark these and set 
meaningful targets. I am also preparing a separate report on risk management.

The key question I have in mind when preparing the report is "Are we secure?".

Regards

Elijah

Elijah van der Kwast |Security and Risk Specialist | Information & Communications Technology
Division of Services and Resources
Room A20, Computer Building, James Cook University, Mc Gregor Road, Smithfield, QLD 4878, Australia

Contact
P: +61 7 4232 2045
E:   elijah.vanderkwast () jcu edu au<mailto:elijah.vanderkwast () jcu edu au>
W:  www.jcu.edu.au<http://www.jcu.edu.au/>
JCU CRICOS Provider Code: 00117J

Note: The contents of this email transmission, including any attachments, are intended solely for the named addressee 
and are confidential; any unauthorised use, reproduction or storage of the contents and any attachments is expressly 
prohibited. If you have received this transmission in error please delete it and any attachments from your system 
immediately and advise the sender by return email or telephone. James Cook University does not warrant that this email 
and any attachments are error or virus free.
P Please consider the environment before printing this e-mail
[cid:image001.png@01CF4422.F7AB28C0]

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Alex 
Jalso
Sent: Saturday, 31 October 2015 7:27 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] enterprise security reporting

Hello Everyone,

Each month I send a status report in pdf format to each IT Director and at the end of the semester I send a progress 
report to the dean or vice president of each college or division.  How are you communicating the status of enterprise 
security to senior management?  Is anyone using a web based dashboard?  I'd be happy to share what I've done, discuss 
what worked (and what didn't), and learn what works for you.  Thanks.

Alex

Alex Jalso, PMP, CISM
Chief Information Security Officer
West Virginia University
p: 304-293-4457

Current thread:

enterprise security reporting Alex Jalso (Oct 30)
- Re: enterprise security reporting Thomas Skill (Oct 31)
- Re: enterprise security reporting van der Kwast, Elijah (Nov 01)