Educause Security Discussion mailing list archives
Re: The role of Information Security in BC
From: Les Mitchell <Les.Mitchell () USQ EDU AU>
Date: Fri, 4 Sep 2009 10:14:45 +1000
From: Les Mitchell <Les.Mitchell () usq edu au> Date: Fri, 4 Sep 2009 08:51:36 +1000 To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] The role of Information Security in BC Stephen, Depends on structure of your response team, and the assigned roles and accountabilities but some thoughts based on the premise that various information systems will be required for the response team to be able to get on with their role effectively: * Information security assist provision of BCDR systems appropriately secure. Would not be nice to have temporary systems needed for response taken offline by an attack while trying to deal with the first * Oversee the secure disposal of physical and digital information of a sensitive or private nature. I.e. Disposal of damaged hardware, paper records should be handled securely * Depending on the incident, information security may be required to make temporary amendments to existing security controls to allow response teams to work effectively. I.e. Network rules, new accounts for temporary staff * Depending on the length of the incident, there may also be a role in ensuring that temporary BCDR are being adequately backed-up * There may be a need for increased monitoring of unaffected systems in the event that someone tries to take advantage of the situation to breach secure/sensitive systems. If I appreciate your enquiry correctly, these are types of things that come to mind where information security may play a role in the implementation of a BC plan. -- Les Mitchell CISM MIIA(Aust) Manager (Audit, Compliance & Risk) | Sustainable Business Management & Improvement University of Southern Queensland Telephone: +61 7 4631 2483 Email: mitchell () usq edu au On 3/09/09 10:37 PM, "Stephen C. Gay" <sgay () KENNESAW EDU> wrote: I would like to solicit the group's opinion on the following question: What is the role of Information Security in Business Continuity implementation? An important point: - There is no question that InfoSec is a critical player in Incident Response, Disaster Recovery, and Business Continuity Planning (key word "planning"). The question isn't about any of those scenarios, but rather when availability is non-existant, critical infrastructures have been disabled, and life safety is at the forefront...what is the role of Information Security? While I think the answer will vary from institution to institution, I am very interested in your individual thoughts and plans. Warm regards, Stephen C Gay CISSP ITS Associate Director - Information Security Office KSU Information Security Officer sgay () kennesaw edu This email (including any attached files) is confidential and is for the intended recipient(s) only. If you received this email by mistake, please, as a courtesy, tell the sender, then delete this email. The views and opinions are the originator's and do not necessarily reflect those of the University of Southern Queensland. Although all reasonable precautions were taken to ensure that this email contained no viruses at the time it was sent we accept no liability for any losses arising from its receipt. The University of Southern Queensland is a registered provider of education with the Australian Government (CRICOS Institution Code No's. QLD 00244B / NSW 02225M)
Current thread:
- The role of Information Security in BC Stephen C. Gay (Sep 03)
- <Possible follow-ups>
- Re: The role of Information Security in BC Guy Pace (Sep 03)
- Re: The role of Information Security in BC Plesco, Todd (Sep 03)
- Re: The role of Information Security in BC Jim Dillon (Sep 03)
- Re: The role of Information Security in BC Hugh Burley (Sep 03)
- Re: The role of Information Security in BC Les Mitchell (Sep 03)
- Re: The role of Information Security in BC Matthew Gracie (Sep 04)