Educause Security Discussion mailing list archives

Re: IT Security in Higher Ed.


From: Pete Hickey <pete () SHADOWS UOTTAWA CA>
Date: Thu, 22 Oct 2009 14:17:22 -0400

On Thu, Oct 22, 2009 at 01:28:58PM -0400, randy marchany wrote:

> My experience has shown that if we fail to analyze the "actual"
> security requirements of a particular function and create a security
> paradigm that interferes with the business process, then we open
> ourselves to security issues. In other words, the business process
> wins. The "art" of building a successful security posture comes from
> a) knowledge of the business process and how a security requirement
> will impact that process; b) tailoring both the business and security
> processes to allow the job at hand to be completed; c) getting the
> backing from your Board of Visitors/Regents/Directors to provide staff
> to perform these functions.
>
> I now put on my flame-retardant suit :-).

I don't think you need that, because you just described reality. At
least for larger institutions.

I would add one thing which makes C more difficult than in a
business world.  There seems to be a lot of independence in the way
things are done, and those at the top do not like to wield their
power.

> Randy Marchany
> VA Tech IT Security Office & Lab

--
Pete Hickey                         LITTLE KNOWN FACT:
The University of Ottawa            Did you know that 90% of North
Ottawa, Ontario                     Americans cannot taste the difference
Canada                              between fried dog and fried cat.
