Educause Security Discussion mailing list archives
Re: Security Program Development / Staffing survey - Brief
From: Samuel Liles <sliles () PURDUE EDU>
Date: Mon, 30 Aug 2004 12:13:30 -0500
I don't want to be trite, but wouldn't that exact information make a great finger print of an institution? I think it would be one of the greatest social engineering hacks of all times. So Eve says to Alice "I logged onto a mail server and everybody sent me their technology capabilities and institutional protection capabilities... No really!". Welcome back to school. -------------------------- Sam Liles Purdue University Calumet Assistant Professor CISIT Gyte 278 2200 169th Street Hammond, IN 46323-2094 liless () calumet purdue edu sliles () purdue edu (West Lafayette) (219)989-3195 Voice -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of James Moore Sent: Monday, August 30, 2004 11:59 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Security Program Development / Staffing survey - Brief I am trying to do benchmarking to describe "normal" growth for our information security program. Mail To: jhmfa () rit edu Indicate if you want to be included in a summary for Educause. 1). How large is your institution? 2) Do you have factors which make your information security especially complex a) medical school? B) gov't contracts, sensitive information? c) technology school? d) other? 3) Is your information security program institute wide? If not, describe? 4) How long ago did you start your information security program? 5) How many people have information security as full-time position? 6) How many people are in information security part-time positions (at least half-time)? 7) How many people do? a) Information Security Policy/Standards Development b) Information Security Awareness c) Incident Handling / Investigations d) Are all abuse reports treated as incidents? If not, how many do abuse report handling? e) Network Monitoring / Scanning / IDS /ISP f) Risk Assessment / Security Reviews of systems in development 8) How did your program develop in the first few years? (e.g. We started with 1, a year later we added another, 2 years later we added 2 more ...) 9) Lessons learned or war stories (e.g. We deployed too much new technology early on, without raising awareness ...) Jim - - - Jim Moore, CISSP, IAM Information Security Officer Rochester Institute of Technology 13 Lomb Memorial Drive Rochester, NY 14623-5603 Office: 585-475-5406 Lab: 585-475-4122 Fax: 585-475-7950 "In the middle of difficulty lies opportunity." Albert Einstein "The release of new internet threats have not created a new problem. It has merely made more urgent the necessity of solving an existing one." Parallels quote by Albert Einstein on atomic energy ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Security Program Development / Staffing survey - Brief James Moore (Aug 30)
- <Possible follow-ups>
- Re: Security Program Development / Staffing survey - Brief Samuel Liles (Aug 30)