Educause Security Discussion mailing list archives

Re: Security Program Development / Staffing survey - Brief


From: Samuel Liles <sliles () PURDUE EDU>
Date: Mon, 30 Aug 2004 12:13:30 -0500

I don't want to be trite, but wouldn't that exact information make a great
fingerprint of an institution? I think it would be one of the greatest
social engineering hacks of all time. So Eve says to Alice "I logged onto a
mail server and everybody sent me their technology capabilities and
institutional protection capabilities... No really!".

Welcome back to school.

--------------------------
Sam Liles
Purdue University Calumet
Assistant Professor CISIT
Gyte 278
2200 169th Street
Hammond, IN 46323-2094
liless () calumet purdue edu
sliles () purdue edu (West Lafayette)
(219)989-3195 Voice


-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of James Moore
Sent: Monday, August 30, 2004 11:59 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Security Program Development / Staffing survey - Brief

I am trying to do benchmarking to describe "normal" growth for our
information security program.

Mail To: jhmfa () rit edu
Indicate if you want to be included in a summary for Educause.

1)   How large is your institution?


2)   Do you have factors which make your information security especially
complex
     a)  medical school?

     b)  gov't contracts, sensitive information?

     c)  technology school?

     d) other?

3)   Is your information security program institute wide?

     If not,  describe?

4)   How long ago did you start your information security program?

5)   How many people have information security as full-time position?

6)   How many people are in information security part-time positions (at
least half-time)?

7)   How many people do?
     a)   Information Security Policy/Standards Development

     b)   Information Security Awareness

     c)   Incident Handling / Investigations

     d)   Are all abuse reports treated as incidents?  If not, how many
do abuse report handling?

     e)   Network Monitoring / Scanning / IDS / ISP

     f)   Risk Assessment / Security Reviews of systems in development


8)  How did your program develop in the first few years?  (e.g. We started
with 1, a year later we added another, 2 years later we added 2 more ...)



9) Lessons learned or war stories (e.g. We deployed too much new technology
early on, without raising awareness ...)



Jim
- - -
Jim Moore, CISSP, IAM
Information Security Officer
Rochester Institute of Technology
13 Lomb Memorial Drive
Rochester, NY 14623-5603
Office: 585-475-5406
Lab: 585-475-4122
Fax: 585-475-7950

"In the middle of difficulty lies opportunity." Albert Einstein

"The release of new internet threats has not created a new problem. It has
merely made more urgent the necessity of solving an existing one."
Parallels quote by Albert Einstein on atomic energy

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.
