Educause Security Discussion mailing list archives
Re: Reorganizing for security team
From: Matt Morton <mmorton () UNOMAHA EDU>
Date: Mon, 21 Jul 2014 14:04:57 +0000
Hi Theresa We did this about 2 years ago and I would be happy to provide a lessons learned offline on what worked and what other issues arose. Matt Matt Morton, CISSP, MHEA Chief Information Security Officer University of Nebraska at Omaha 6001 Dodge St., Omaha NE 68182 402.554.2425 (o) 402.214.5943 (g) 402.708.2176 (m) This communication, along with any attachments, is covered by federal and state law governing electronic communications and may contain confidential and legally privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, use or copying of this message is strictly prohibited. If you have received this in error, please reply immediately to the sender and delete this message. Thank you. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Sol Bermann Sent: Friday, July 18, 2014 10:52 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Reorganizing for security team Am happy to discuss how U-M has evolved this over the past 10 years Sol Bermann Interim University of Michigan Chief Information Security Officer Privacy Officer and IT Policy, Compliance and Enterprise Continuity Strategist ITS - Information & Infrastructure Assurance University of Michigan 734/615-9661 solb () umich edu<mailto:solb () umich edu> On Fri, Jul 18, 2014 at 11:47 AM, Nevin, David <Dave.Nevin () oregonstate edu<mailto:Dave.Nevin () oregonstate edu>> wrote: Hi Theresa, We’re about a year ahead of you in this process it seems—like you, security was primarily a network function with AV handled by a server support team. In brief, our office (InfoSec) will provide "application layer" support, including access permissions, for our InfoSec Tools. Our net/infrastructure teams will provide hardware and OS-level support for the tools. At this point in time we’re continue to work very closely together and since positions have been shifted from other teams to form the group, this is happening gradually with the above as an end goal. Feel free to ping me if you’d like to talk about more specific details. Dave -- Dave Nevin Chief Information Security Officer Oregon State University From: Theresa Rowe <rowe () OAKLAND EDU<mailto:rowe () OAKLAND EDU>> Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Date: Friday, July 18, 2014 at 8:34 AM To: "SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>" <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Subject: [SECURITY] Reorganizing for security team Hi, We are finally at a point where we can reorganize to create a separate security team. Security is now primarily on the network team, with AV systems and the like on a technical architecture team. Those of you who have created a separate security team can help us out. What tasks (like firewall installation, firewall rule updates, SIEM implementation, etc.) are done on what team? What belongs to networks, what belongs to systems, and what belongs to security? How did you architect the separation of duties? Thanks for all insight - -- Theresa Rowe Chief Information Officer Oakland University
Current thread:
- Reorganizing for security team Theresa Rowe (Jul 18)
- Re: Reorganizing for security team Nevin, David (Jul 18)
- Re: Reorganizing for security team Sol Bermann (Jul 18)
- Re: Reorganizing for security team Matt Morton (Jul 21)
- Re: Reorganizing for security team Sol Bermann (Jul 18)
- Risk analysis And Vendor Management David Grisham (Jul 18)
- Re: Risk analysis And Vendor Management Roger A Safian (Jul 18)
- Re: Risk analysis And Vendor Management Sol Bermann (Jul 18)
- Re: Risk analysis And Vendor Management Chuck Kesler (Jul 18)
- Re: Risk analysis And Vendor Management Renee Peters (Jul 18)
- Re: Risk analysis And Vendor Management Chuck Kesler (Jul 18)
- Re: Reorganizing for security team Nevin, David (Jul 18)