Educause Security Discussion mailing list archives

Re: Campus Security Governance Structures?


From: Martin Manjak <mm376 () ALBANY EDU>
Date: Wed, 9 Apr 2008 14:26:54 -0400

Looks like I have to answer my own query.

The lack of response to this question is intriguing. Does it mean that
most institutions don't have some form of governance when it comes to
information security?

If that's the case, how are decisions made that affect the institution's
security posture? How are assets ranked and vulnerabilities prioritized?
How is risk assessment performed? Who decides what investments are made
into what technologies and controls?

It seems to me that if you get governance right, many other things fall
into place because you get institutional recognition of risk and
endorsement of mitigation strategies.
M-


Martin Manjak wrote:
I'm curious to know what kinds of governance structures and processes
people might have in place at their various institutions when it comes
to information security. How are institutional priorities determined,
who decides, and how do those get promulgated to the campus?
M-


--
Martin Manjak
Information Security Officer
University at Albany
CISSP, GIAC GSEC-G, GCIH, GCWN
