Re: Reporting Structure

[John Forker <jforker () MAINE EDU>]

Short Answer: As of July 1, 2013, at the University of Maine System, the
CISO reports to the CIO.

Long Answer: Both of the CISO and CIO are at a system level supporting our
7 public universities.  Prior to July 1, the CISO reported to the Vice
Chancellor for Finance and Administration, the same person that the CIO
reports to.  The change was made to a a system-wide functional realignment
to bring the CISO closer to IT members at part of a team, so we view this
as a positive change. At "dotted line" reporting the the Vice Chancellor
remains for purposes of governance and oversight, incident management, and
audit.  The CISO also has reporting requirements to a multi-campus
cross-functional governance council as well as a committee of the Board of
Trustees.

John
----------------
John Forker
Chief Information Security Officer
University of Maine System
(207) 973-3293


On Thu, Oct 24, 2013 at 12:00 AM, SECURITY automatic digest system <
LISTSERV () listserv educause edu> wrote:

> There are 6 messages totalling 997 lines in this issue.
>
> Topics of the day:
>
>   1. reporting structure (6)
>
> ----------------------------------------------------------------------
>
> Date:    Wed, 23 Oct 2013 20:20:40 +0000
> From:    Russ Leathe <Russ.Leathe () GORDON EDU>
> Subject: reporting structure
>
>  Who does Information Security report to? Does the CSO or ISO report  to
> th=
> e CIO or somebody else?
>
> Thanks and Happy Cyber Security Month!
>
>
> Russ
> Gordon College
> russ () gordon edu