Educause Security Discussion mailing list archives
Re: Security Measures for InfoSec Progam - was Recommendations On Cabinet Level InfoSec position
From: Theresa M Rowe <rowe () OAKLAND EDU>
Date: Wed, 16 Jul 2003 15:35:18 -0400
Very interesting question -
So here is my question, what drives a CIO? What are the
measures used to
determine that they are doing well in security?
Like the analogy to police, I like to look at preventive measures or statistics as well as the weaknesses that still exist. For me, I look at how well are the weaknesses identified, how well are the risks exposed by that weakness presented, what reasonable steps have been proposed, accepted, implemented. These are more measures of progress than thinking there's some end nirvana of security that must be achieved. My knowledge base indicates that new security weaknesses are identified all the time - new viruses or worms, new operating system holes, new awareness about possible crimes. Can my security staff maintain a credible list of these weaknesses? Can we put a dollar or time or some sort of value on the item exposed by the risk? Can we show some sort of progress on mitigation steps each year? Can we show ongoing diligence that would provide a sense of security to those who trust we are doing all we can? Theresa Rowe Assistant Vice President University Technology Services www.oakland.edu/uts - the latest news from University Technology Services ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.
Current thread:
- Re: Security Measures for InfoSec Progam - was Recommendations On Cabinet Level InfoSec position Jim Moore (Jul 16)
- <Possible follow-ups>
- Re: Security Measures for InfoSec Progam - was Recommendations On Cabinet Level InfoSec position Theresa M Rowe (Jul 16)
- Re: Security Measures for InfoSec Progam - was Recommendations On Cabinet Level InfoSec position Bruhn, Mark S. (Jul 16)
- Re: Security Measures for InfoSec Progam - was Recommendations On Cabinet Level InfoSec position Bruhn, Mark S. (Jul 16)