Educause Security Discussion mailing list archives
Re: Please bear with me - this is an odd request ...
From: Ben Marsden <bmarsden () SMITH EDU>
Date: Mon, 26 Nov 2018 15:43:16 -0500
I expect that institutions that have had a reportable breach have done some immediate cost analysis associated with that event, but I've not heard of any that have undertaken any concerted efforts to get at longer term costs related to giving and enrollment. I'd be very curious to hear about that. I'd also like to hear about what costs were covered by any insurance policies that may have been activated by a breach event, and any issues or lessons learned relating to cyber liability insurance. -- Ben On Mon, Nov 26, 2018 at 2:39 PM Brian Basgen <brian_basgen () emerson edu> wrote:
Hi Chad, Sounds like an interesting opportunity from an engaged board. :) I suspect your easiest and best path is engaging a consultant who does remediation work. While it would be problematic to ask them to report on a past client for obvious reasons, I wonder if you could ask them to reconstruct some incident from a school similar to yours for which there is sufficient public information. If they've worked to remediate higher ed in the past, they could fill in some blanks prospectively and probably put together a pretty compelling story. It wouldn't be accurate without verification with the institution being researched, but a possible acceptable goal for your Board is for a theoretical scenario that is reasonable and realistic. That said, as you say, it would be an atypical request to make of a consultant, but I suspect you could find someone who would see it for what it is: as an interesting challenge! -------------- Brian Basgen Associate Vice President, Information Technology Emerson College | 120 Boylston Street | Boston, MA 02116 On Mon, Nov 26, 2018 at 12:32 PM Chad Tracy <ctracy () bates edu> wrote:Hope everyone had a much deserved Thanksgiving break. I am three months into a newly created security position at an institution that never had a dedicated person to fill the role. I have been asked to put together a reading for the Board of Trustees regarding a case study or some in depth description of a security incident that an institution in higher education had and what the school did to right itself and any sort of cost associated with it? The end game is to show the members of the board the importance of this area. *There may be easier ways to show the importance but I am sure some of you can probably raise their hand to having to fulfill a request for the board... :) * Has anyone ever seen such a report or maybe even completed one themselves? Maybe the report covered such things as: How the institution dealt with possible: reduced donations after the breach, reputational damage (*I am not sure if this can be measured anymore... are people becoming so desensitized by breaches that they just shrug them off nowadays?*), reduced enrollment. Costs of remediation: purchasing technology/services to remediate hiring of staff Thank you for your time and feel free to reach out offline either through email or phone. Cheers, Chad -- Chad Tracy Director of Information Security, Policy and Compliance Bates College 207 786-6491
-- [}--> BEWARE of links and attachments in email! * Stop, Think before you click * ============================================ Ben Marsden : Information Security Director, CISSP ITS, 201 Stoddard Hall, Smith College, Northampton, MA 01063 --------------------------------------------------------------------- =--> Any request to reveal your Smith password via email is fraudulent!
Current thread:
- Please bear with me - this is an odd request ... Chad Tracy (Nov 26)
- Re: Please bear with me - this is an odd request ... Brian Basgen (Nov 26)
- Re: Please bear with me - this is an odd request ... Ben Marsden (Nov 26)
- Re: Please bear with me - this is an odd request ... Dale Lee (Nov 26)
- Re: Please bear with me - this is an odd request ... Ben Marsden (Nov 26)
- Re: Please bear with me - this is an odd request ... Steven Alexander (Nov 26)
- Re: Please bear with me - this is an odd request ... Joanna Grama (Nov 26)
- Re: Please bear with me - this is an odd request ... Chad Tracy (Nov 27)
- Re: Please bear with me - this is an odd request ... Brian Basgen (Nov 26)