Educause Security Discussion mailing list archives

Re: Reorganizing for security team

From: Sol Bermann <solb () UMICH EDU>
Date: Fri, 18 Jul 2014 11:51:49 -0400

Am happy to discuss how U-M has evolved this over the past 10 years

Sol Bermann
Interim University of Michigan Chief Information Security Officer
Privacy Officer and IT Policy, Compliance and Enterprise Continuity
Strategist
ITS - Information & Infrastructure Assurance
University of Michigan

734/615-9661
solb () umich edu




On Fri, Jul 18, 2014 at 11:47 AM, Nevin, David <Dave.Nevin () oregonstate edu>
wrote:

 Hi Theresa,

 We’re about a year ahead of you in this process it seems—like you,
security was primarily a network function with AV handled by a server
support team.

 In brief, our office (InfoSec) will provide "application layer" support,
including access permissions, for our InfoSec Tools. Our net/infrastructure
teams will provide hardware and OS-level support for the tools.

 At this point in time we’re continue to work very closely together and
since positions have been shifted from other teams to form the group, this
is happening gradually with the above as an end  goal.

 Feel free to ping me if you’d like to talk about more specific details.

 Dave
 --
Dave Nevin
Chief Information Security Officer
Oregon State University


  From: Theresa Rowe <rowe () OAKLAND EDU>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <
SECURITY () LISTSERV EDUCAUSE EDU>
Date: Friday, July 18, 2014 at 8:34 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Reorganizing for security team

  Hi,
We are finally at a point where we can reorganize to create a separate
security team.  Security is now primarily on the network team, with AV
systems and the like on a technical architecture team.

 Those of you who have created a separate security team can help us out.
What tasks (like firewall installation, firewall rule updates, SIEM
implementation, etc.) are done on what team?  What belongs to networks,
what belongs to systems, and what belongs to security? How did you
architect the separation of duties?

Thanks for all insight -

--
Theresa Rowe
Chief Information Officer
Oakland University

Current thread:

Reorganizing for security team Theresa Rowe (Jul 18)
- Re: Reorganizing for security team Nevin, David (Jul 18)
  - Re: Reorganizing for security team Sol Bermann (Jul 18)
    - Re: Reorganizing for security team Matt Morton (Jul 21)
- Risk analysis And Vendor Management David Grisham (Jul 18)
  - Re: Risk analysis And Vendor Management Roger A Safian (Jul 18)
  - Re: Risk analysis And Vendor Management Sol Bermann (Jul 18)
    - Re: Risk analysis And Vendor Management Chuck Kesler (Jul 18)
  - Re: Risk analysis And Vendor Management Renee Peters (Jul 18)
- Re: Risk analysis And Vendor Management Chuck Kesler (Jul 18)