Educause Security Discussion mailing list archives

Risk Management


From: "Mclaughlin, Kevin (mclaugkl)" <mclaugkl () UCMAIL UC EDU>
Date: Wed, 7 Sep 2011 08:52:08 -0400

Hi Everyone:

Thanks to everyone who responded to my risk management question. While this was not a scientific effort and it did not take into account all the associated variables for risk management I figured I would share the results with you anyways just in case you ever need them. I posed the same question to my friends on the Cincinnati CISO Round-table (consists of about 25 Fortune 500 CISOs) and included their response as well.

================================================================================

Number of IHE Responses:                                24
CISO Has Responsibility for Managing IT Risks?:         21
Someone Else Has Responsibility for Managing IT Risks:  3
Comments:                                               1 of the 3 Someone Else Responses had no ISO employed

================================================================================

Number of Fortune 500 Company Responses:                14
CISO Has Responsibility for Managing IT Risks?:         13
Someone Else Has Responsibility for Managing IT Risks:  1
Comments:                                               In the one no the VP of Risk Mgt had that responsibility and the CISO reported to them.

================================================================================


- Kevin


Kevin L. McLaughlin,  CISM, CISSP, GIAC-GSLC, CRISC, PMP, ITIL Master Certified
Assistant Vice President, Information Security & Special Projects
University of Cincinnati
513-556-9177
 
The University of Cincinnati is one of America's top public research institutions and one of the region's largest 
employers, with a student population of more than 41,000.

