Educause Security Discussion mailing list archives
Re: IT Security in Higher Ed.
From: Pete Hickey <pete () SHADOWS UOTTAWA CA>
Date: Thu, 22 Oct 2009 14:17:22 -0400
On Thu, Oct 22, 2009 at 01:28:58PM -0400, randy marchany wrote:
My experience has shown that if we fail to analyze the "actual" security requirements of a particular function and create a security paradigm that interferes with the business process, then we open ourselves to security issues. In other words, the business process wins. The "art" of building a successful security posture comes from a) knowledge of the business process and how a security requirement will impact that process b) tailoring both the business and security processes to allow the job at hand to be completed c) getting the backing from your Board of Vistors/Regents/Directors to provide staff to perform these functions.
I now put on my flame-retardant suit :-).
I don't think you need that, because you just described reality.. At least for larger institutions. I would add one thing which makes C more difficult than in a business world. There seems to be a lot of independence in the way things are done, and those at the top do not like to wield their power.
Randy Marchany VA Tech IT Security Office & Lab
-- Pete Hickey LITTLE KNOWN FACT: The University of Ottawa Did you know that 90% of North Ottawa, Ontario Americans cannot taste the difference Canada between fried dog and fried cat.
Current thread:
- IT Security in Higher Ed. Hart, Lee Anne (Oct 22)
- <Possible follow-ups>
- Re: IT Security in Higher Ed. Basgen, Brian (Oct 22)
- Re: IT Security in Higher Ed. John Ladwig (Oct 22)
- Re: IT Security in Higher Ed. randy marchany (Oct 22)
- Re: IT Security in Higher Ed. Valdis Kletnieks (Oct 22)
- Re: IT Security in Higher Ed. Allison Dolan (Oct 22)
- Re: IT Security in Higher Ed. Plesco, Todd (Oct 22)
- Re: IT Security in Higher Ed. Pete Hickey (Oct 22)
- Re: IT Security in Higher Ed. John Ladwig (Oct 22)
- Re: IT Security in Higher Ed. Jim Dillon (Oct 22)
- Re: IT Security in Higher Ed. Anand S Malwade (Oct 22)
- Re: IT Security in Higher Ed. Charles Buchholtz (Oct 22)