Educause Security Discussion mailing list archives
Re: Making the case for security policies and personnel
From: Tracy Mitrano <tbm3 () CORNELL EDU>
Date: Fri, 7 Feb 2003 20:17:32 -0500
Dorette,

As alternative routes, may I inquire: What kind of policy process/formulation/issuance structures do you have at your school? As a policy advisor I may be prejudiced to think that policy is often the driving force behind comprehensive change in this or any other significant administrative area. Whether or not you have the explicit encouragement of the highest levels of the administration, you and your organization can move forward with policy; and if such a process is not clearly defined or instituted at UNK then this might be an opportunity to get it going.

Policy is worthless unless there is the requisite buy-in with a critical mass of IT personnel and/or distributive supportive units throughout campus, IT or otherwise. If you are starting from scratch, then perhaps setting up vetting committees with representation from around campus to share and learn from each other.

There is some information about how we have worked on this project at Cornell at http://www.cit.cornell.edu/oit/policy/drafts/. In the next week or so we should have four security policies on offer: Security of Information Technology Resources; Network Registry; Security Incidents Reporting; and Appropriate Use of Passwords.

Of course, one size never fits all, but I would encourage efforts to proceed with what is appropriate for security policies and practices irrespective of whether the top central administration has failed to see the leadership light -- you could model it for them.

Good fortune!

Tracy Mitrano

05:45 PM 2/7/2003 -0600, you wrote:
Mark,

I heard you speak at Net@edu about making the case for security policies and personnel on your campus. It was helpful information. You talked about the importance of speaking in CEO or cabinet talk rather than technical talk. You also mentioned that you may have a slide show you used on your campus.

I'm having difficulty getting traction with the administration on this issue so I'm looking for other approaches. I'd sure appreciate any examples, models you would be willing to share.

Thanks, Mark.

Best wishes,
Dorette

Dorette Kerian, Director, ITSS
Information Technology Systems and Services
University of North Dakota and Higher Education Computer Network
dorette_kerian () mail und nodak edu
701.777-3880, fax 701.777-3978

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.