Educause Security Discussion mailing list archives

Re: Office of CISO Research

From: Valerie Vogel <vvogel () EDUCAUSE EDU>
Date: Fri, 26 Jul 2019 21:59:44 +0000

Hi Bill,

Welcome to the EDUCAUSE Security Community Group!

You can find some of this information in our 2019 EDUCAUSE Information Security Almanac: 
https://library.educause.edu/resources/2019/4/the-educause-information-security-almanac-2019

The data in this almanac are derived from the 2018 EDUCAUSE Core Data Service (CDS) survey. The CDS portal allows you 
to share data from your campus and create additional reports for peer data comparisons (Florida State was a 2018 
participant). You can learn more about CDS here: 
https://www.educause.edu/research-and-publications/research/core-data-service

Thank you,
Valerie

Valerie Vogel
Senior Manager, Cybersecurity Program

EDUCAUSE
Uncommon Thinking for the Common Good
direct: 202.331.5374 | Follow HEISC on 
LinkedIn<https://www.linkedin.com/showcase/higher-education-information-security-council-heisc-/> | twitter: 
@HEISCouncil | vvogel () educause edu<mailto:vvogel () educause edu>

From: Security Discussion Group List <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Bill Hunkapiller <bhunkapiller () 
FSU EDU>
Reply-To: Security Discussion Group List <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Friday, July 26, 2019 at 1:56 PM
To: Security Discussion Group List <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Office of CISO Research

Hello everyone,

This is my first post to the listserve. I’m the CISO and Chief Privacy Officer at Florida State University. I’m doing a 
little research to see how FSU aligns with other higher education organizations.  Can I get your assistance in 
answering the following questions to include in my research?

1.            How many staff are within your organization?

2.            How many teams are within your organization?

3.            If you could provide an organization chart or answer if the following teams/responsibilities report to 
the CISO Organization?

a.            Security Operations
b.            Identity Access Management
c.             Compliance
d.            IT Risk Management
e.            Privacy Office
f.             Cybersecurity Education/Training
g.            Disaster Recovery
h.            Physical Access
i.              Asset Security
j.              Network Security
k.             Application Security

4.            Ideally, what would you want reporting to the CISO organization that is not currently?

Thanks in advance,

Bill

bhunkapiller () fsu edu<mailto:bhunkapiller () fsu edu>

Current thread:

Office of CISO Research Bill Hunkapiller (Jul 26)
- Re: Office of CISO Research Valerie Vogel (Jul 26)