Educause Security Discussion mailing list archives
Re: Organization of IT compliance responsibilities
From: Joanna Grama <jgrama () EDUCAUSE EDU>
Date: Tue, 4 Feb 2014 21:10:24 +0000
Dear Nick, This information will not help you much at the immediate moment, but the EDUCAUSE Center for Analysis and Research is conducting research even as we speak about IT Governance, Risk, and Compliance issues at colleges and universities. A survey of institutions is underway at the moment and will close at the end of this month. The survey went to institutional primary representatives (those individuals that are named as their institution's primary contact with EDUCAUSE). If your primary representative received the survey invite, please encourage them to complete the survey. The research will help IT professionals benchmark their governance, risk, and compliance efforts by characterizing the state of each in the community. The research will also identify common areas of concern as well as transferable best practices and models. We anticipate publishing the research in early June of this year and hopefully the research will address the question that you pose to the group. In the meantime, the November/December EDUCAUSE Review was focused on IT GRC. Perhaps you might find something helpful in that issue. It is available at http://www.educause.edu/ero/educause-review-print-edition-volume-48-number-6-novemberdecember-2013?utm_source=Informz&utm_medium=Email+marketing&utm_campaign=IT+Issues Kind regards, Joanna Joanna Grama, JD, CISSP Director of DRA Operations, IT GRC and Cybersecurity Programs Data, Research, and Analytics EDUCAUSE Uncommon Thinking for the Common Good 282 Century Place, Suite 5000, Louisville, CO 80027 direct: 720.406.6769 | main: 303.449.4430 | fax: 303.440.0461 | educause.edu -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Nick Lewis Sent: Tuesday, February 4, 2014 1:23 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Organization of IT compliance responsibilities Hi everyone, We have internally been discussing compliance recently. I'm working through the Higher Education Compliance Alliance resources to see what is already out there. The IT security and compliance program we are setting up is going to be proposed as an enterprise wide initiative, but only around IT security. I am trying to understand if anyone has their information security programs reporting into a formal Compliance Office/Officer? Or even a formal Compliance Office/Officer at their university? Thanks, Nick -- Nick Lewis Information Security Officer - Director, IT Security and Compliance ITS IT Security and Compliance Email: nlewis10 () slu edu - Phone: 314-977-1786
Current thread:
- Organization of IT compliance responsibilities Nick Lewis (Feb 04)
- Re: Organization of IT compliance responsibilities Joanna Grama (Feb 04)
- Re: Organization of IT compliance responsibilities Lazarus, Carolann (Feb 05)