Security Basics mailing list archives
RE: security not a big priority?
From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 15 Feb 2007 16:50:18 -0800
So I have a problem and like to know what you guys think. I'm a Security Analyst at an Education institute. A community college to be more precise.
Same here -- except that *for now*, my job title says "Network Engineer".
So I was brought on board to address security issues and work on making this place a better place. Now the problem is.
1. I'm in the network operation team. no security group.
This is typical of organizations that think of security as just a technical issue. So *one* of your challenges is to educate at least your management that it's not. But to the extent that it includes technology elements, you're in not too bad a place to enact them. See #4.
2. My boss doesn't seem to know much about security.
Do they know about EduCause? They should be talking to their peers at other institutions, and learning what they do and why.
3. My boss doesn't seem to think highly of security since all my projects seems to be of low priority.
Might be time to interest someone higher up in bringing in consultants to do a review. Believe it or not, managers are more likely to listen to them than to employees *because* they're expensive -- even when they say what employees have been trying to tell them....
4. I have a long list of things that needs to be done and they are all waiting for the engineers to work on it. But again they have better things to do.
Offer to do them. Interpret placement within the network team as empowerment to do the work, only consulting the engineers as necessary.
So what am I suppose to do? look for another job? :) anyone run into this problem before?
Where I am, there are three different campus power structures to deal with. There's the org chart, which puts me on the network team. There's the "shared governance" system; I volunteer to be a Senator in order to sit as a representative on the Technology Advisory Committee, which puts me into a monthly meeting with the CTO and interested users from various constituency groups. And then there's the perennial faculty-versus-staff rivalry, and what seems to work so far there is to make friends with a few of the newer/savvier faculty (who one hopes will speak up when one is being slagged by their colleagues). Since you're subscribed here, you may well be subscribed to various other security mailing lists. Forward an occasional item to your boss (don't average more than about one a week) about the latest data breach involving an educational institution or vulnerability discovered in some application that the college uses. Include a brief note about whether the same threat would work where you are; one way to look at it is that your job is to keep your own institution out of those headlines. David Gillett
Current thread:
- Re: security not a big priority?, (continued)
- Re: security not a big priority? secbasics (Feb 16)
- Re: security not a big priority? Josh Miller (Feb 15)
- Re: security not a big priority? Francois Yang (Feb 15)
- RE: security not a big priority? jbeauford (Feb 15)
- Re: security not a big priority? Francois Yang (Feb 15)
- Re: security not a big priority? Brian Loe (Feb 15)
- Re: security not a big priority? Nathaniel Hall (Feb 15)
- Re: security not a big priority? gerald_309 Gerald (Feb 15)
- Message not available
- Re: security not a big priority? Francois Yang (Feb 15)
- Re: security not a big priority? Jason P. Rusch (Feb 16)
- RE: security not a big priority? David Gillett (Feb 16)
- Re: security not a big priority? Isaac Perez (Feb 16)
- Re: security not a big priority? Aman Raheja (Feb 19)
- Re: security not a big priority? Sandip Wadje-Infosec (Feb 19)
- RE: security not a big priority? Tony UcedaVĂ©lez (Feb 21)
- Re[2]: security not a big priority? Adam Pal (Feb 23)
- Re: Re: security not a big priority? Anonymous (Feb 15)
- Re: security not a big priority? Francois Yang (Feb 15)
- Re: security not a big priority? crazy frog crazy frog (Feb 15)
- RE: security not a big priority? Nhon Yeung (Feb 15)
- RE: security not a big priority? Craig Wright (Feb 15)