Re: the importance of security

["Weeks, Calvin W." <cweeks () OU EDU>]

Scott,
I had the same issues at my University and I found that when left with
the option of not getting anything that you have worked so hard to
implement, get as many of the senior level administrators together that
will sit at the table with you to review what you are proposing and let
them suggest alternatives while in the presence of their piers. Make
your business case to justify the need and let them figure out how to
best accomplish this for the entire University. Try to stay away from
the issue that this is someone else's problem (i.e., student, faculty,
staff). Security is a global issue and the responsibility is on everyone
to do their part.
For our University this lead into a group of leaders that took global
security issues seriously and helped deal with the technical problems
that does come up. This group is still active on our campus and
sometimes security problems are best dealt with at the local level and
sometimes it is better to addressed on a global level. You may have
similar results from a group like this on your campus. 
I will be glad to talk to you directly to let you know how I got the
group started.

Later,

Calvin Weeks, EnCE, CISSP, CISM
Director, OU Cyber Forensics Lab
University of Oklahoma
Phone:  405-325-8334
Websites:       http://cfl.ou.edu
                http://security.ou.edu

 

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Scott Genung
Sent: Wednesday, August 11, 2004 9:42 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] the importance of security

All,

I am new to this listserv so I apologize in advance if this topic has
been
discussed in the past. I am curious as to how many of you found the need
to
educated your senior administrators to the need of strengthening network
defenses in response to the events of last year and what information you
provided to them that helped them truly understand the importance of
this
issue.

The reason why I ask these questions is that we are dealing with some
fairly stiff opposition to a security plan we developed over the last
several months at the direction of our Associate VP for Technology (who
reports to the Provost). I am trying to find information that help us
make
the case  that the world is a changed placed and that we need to enhance
security in our environment. The push back we're getting from the other
VP
areas is:

- last year was just a bad year and we don't expect the same things to
recur
- all of the problems we encountered were solely the due to student
population
- local departments can adequately defending against these and future
security threats

In response, my VP has instructed me to only implement for now those
measures that create no impact upon the non-student population. In our
case
at least, none of these beliefs are true and there is data to back this
statement up (which I am preparing). I can only assume that others have
encountered the same types of opposition. If so, how did you sell the
these
changes? Are there any documents out there that are written in language
that a senior administrator could understand that would make them
appreciate the scope and gravity of this problem? I greatly appreciate
any
responses.


Scott Genung
Manager of Networking Systems
Telecommunications and Network Support Services
124 Julian Hall
Illinois State University

(309)438-8731   http://www.tnss.ilstu.edu

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.