Educause Security Discussion mailing list archives
Re: Recommendations On Cabinet Level InfoSec position
From: Jim Wilcox <jim () WILCOXS NET>
Date: Sat, 12 Jul 2003 16:59:47 -0700
The CSO should definitely *not* report to the CIO, but to the CEO/President. For one thing, as Howard Schmidt emphasized while he was at Microsoft (not touting MS as a paragon of security, but Howard left that gig to work for the President of the US via Richard Clarke and is the former President of the ISSA Int'l.), there is no such thing as a CISO. Therefore, subjugating a CSO to a CIO not only diminishes the position, but also ignores the 80% of the job that does not relate to information technology. James R. Wilcox, CISSP 10433 SW 53rd Ave Portland, OR 97219-5837 503 245-6934 jim () wilcoxs net -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of art Sent: Thursday, July 10, 2003 5:43 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Recommendations On Cabinet Level InfoSec position Here at the U of New Mexico we are close to advertising for an information security officer, functionally the mosr senior one on campus, ans this individual will report initially to the highest ranking IT official on campus (currently an Associate VP), but eventually to the CIO when that position is created. Art St. George --On Wednesday, July 09, 2003 5:25 PM -0500 Dan Updegrove <updegrove () MAIL UTEXAS EDU> wrote:
Jim, It's hard for me to imagine that a President's group would have advocated another direct report, especially in a domain that most of them would consider to be (as William F. Buckley said of ocean sailing) "90% boredom and 10% terror." IMHO, the appropriate reporting line for ISO is the to CIO -- and the CIO should be at the cabinet level. I simply cannot imagine that an ISO would receive from a president the supervision and support needed to be effective. In practice, such a "cabinet level" ISO would report to a "deputy to the president," who is also too busy and non-technical
to provide support. Regards, Dan Updegrove At 05:15 PM 7/9/2003, Jim Moore wrote:At the Educause security professionals workshop, I believe that someone mentioned that a college/university presidents group had a task force which made the recommendation that a cabinet level position for Information Security be created at colleges/universities. Does anyone have a reference? Does anyone have the text of the report/recommendation letter? Jim -- -- Jim Moore, CISSP, IAM Information Security Officer Rochester Institute of Technology 13 Lomb Memorial Drive Rochester, NY 14623-5603 Telephone: (585)475-5406 Fax: (585)475-7950 PGP (jimmoore () mail rit edu): 9C33 0328 CD59 B602 82B8 8521 0DC9 963C D0C0 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.VP for Information Technology Phone (512) 232-9610 The University of Texas at Austin Fax (512) 232-9607 FAC 248 (Mail code: G9800) d.updegrove () its utexas edu P.O. Box 7407 http://wnt.utexas.edu/~danu/ Austin, TX 78713-7407 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.
Current thread:
- Recommendations On Cabinet Level InfoSec position Jim Moore (Jul 09)
- <Possible follow-ups>
- Re: Recommendations On Cabinet Level InfoSec position Dan Updegrove (Jul 09)
- Re: Recommendations On Cabinet Level InfoSec position art (Jul 10)
- Re: Recommendations On Cabinet Level InfoSec position Jim Wilcox (Jul 12)
- Re: Recommendations On Cabinet Level InfoSec position Angel L Cruz (Jul 12)
- Re: Recommendations On Cabinet Level InfoSec position Chief Information Security Officer (Jul 12)
- Re: Recommendations On Cabinet Level InfoSec position Bruhn, Mark S. (Jul 14)
- Re: Recommendations On Cabinet Level InfoSec position Jim Wilcox (Jul 14)
- Re: Recommendations On Cabinet Level InfoSec position Schmidt, Eric W (Jul 15)
- Re: Recommendations On Cabinet Level InfoSec position Bruhn, Mark S. (Jul 15)
- Re: Recommendations On Cabinet Level InfoSec position Ariel Silverstone (Jul 15)
- Re: Recommendations On Cabinet Level InfoSec position Rodney Petersen (Jul 15)