Re: Role of Campus Police. Was: number of IT security staff

["Sadler, Connie" <Connie_Sadler () BROWN EDU>]

The various roles need to work together, but we cannot expect
traditional Law Enforcement officials to have the depth of knowledge
necessary to deal with the types of sophisticated threats we deal with
today. It takes IT professionals with technical backgrounds and years
and years of experience to have any chance of competing with the bad
guys out there. I understand your point, but also have another comment:
you say you just want to be a data network manager. Do you really think
you can be a good one if you don't know how to protect the assets you
are responsible for? I really am of the opinion that if we can get to
the point where everyone knows his or her role in the protection of
information, we won't have much need for security specialists.

It *will* be interesting, however, to see how the roles change as the
next generation of more computer literate police officers take over.

Connie J. Sadler, CM, CISSP, CISM, GIAC GSLC
Director, IT Security, Brown University
Box 1885, Providence, RI 02912
Connie_Sadler () Brown edu
Office: 401-863-7266
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91E38EFB
PGP Fingerprint: DA5F ED84 06D7 1635 4BC7  560D 9A07 80BA 91E3 8EFB

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Antonio Quesada
Sent: Monday, January 31, 2005 1:30 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Role of Campus Police. Was: number of IT
security staff

Well, an InfoSec Officer of another institution of the University System
of Georgia was kind enough to call me and tell me that she disagrees on
my position that Information Security should be handled by Campus
Police. Her point being that Campus Police is not trained to deal with
electronic crime and that information security is more than just Crime
Prevention. I appreciate her reading my post, Thanks!!!!

I would like to expand on my point and present my thoughts on the
matter. 

I entirely agree on the issue of "not trained" or "not prepared", but
that is not the point. The point is, they shall be "prepared". We can
help them now, but all law enforcement activities belong to the police.
I respect police work to the fullest, of course I do, but in all
honesty, I do not want to be a police man. I want to be a Data Network
Manager and continue my career in this field. Years ago the police did
not have the training or equipment to identify/stop speeders, drug
carriers, concealed weapons, etc. etc.

I am of the firm idea that we need to separate the function of Data
Network/Systems/IT/etc Management from the Security function, and this
latter function shall belong to a law enforcement force. 

This way those of us who want to do IT will do it, and those who wish to
pursue law enforcement, electronic or not, will. 
And also, will keep us IT guys more accountable, since we are not in
charge of collecting/handling evidence.

This may take a while to happen, but I really believe it is the way to
go. 
Please feel free to flame me. 


Thanks.

Antonio Quesada
Network Manager, OIT
Gwinnett University Center
1000 University Center Lane Suite B3800
Lawrenceville, GA 30043
USA
678-407-5093

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.