Educause Security Discussion mailing list archives

Re: ISO and Record Management

From: Theresa Semmens <theresa.semmens () NDSU EDU>
Date: Thu, 31 Jul 2014 15:13:52 +0000

I recommend that when you determine qualifications for the position that it include a degree or a focus in Business 
Administration along with those for security.  ISO's are no longer strictly security focused.  That person will need to 
have a strong sense of business processes for the purpose of aligning them with security standards and guidelines. 
Additionally, s/he will need to be able to multilingual - that is, speak in IT, business, academic, and student life 
languages.  Make sure that the person can tell "stories" as opposed to "this is way it needs to be."  If they can 
create a case (story) that is sensitive to the area, they will have greater success in implementing what is needed and 
will there will be ownership by the owners of the process.

Theresa


Theresa Semmens, CISA
NDSU Chief IT Security Officer
Office: 210D IACC
Mail: NDSU Dept 4500
PO Box 6050
Fargo, ND 58108-6050
P: 701-231-5870
F: 701-231-8541
E: Theresa.Semmens () ndsu edu<mailto:Theresa.Semmens () ndsu edu>
www.ndsu.edu/its/security

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of 
Shamblin, Quinn
Sent: Thursday, July 31, 2014 9:53 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] ISO and Record Management

We have an ISO with a staff, a separate Records Management function (shared across a number of people)

Quinn R Shamblin                                                            .
Executive Director of Information Security, Boston University

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dennis 
Levine
Sent: Thursday, July 31, 2014 10:44 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] ISO and Record Management


Hi All,



We're trying to get a sense of how many schools have an ISO, have a separate Records Manager and if anyone has combined 
the two positions? If you have an ISO, is that the only function of the position or are there other job duties 
performed by that position?



Thanks,

Dennis Levine


Dennis Levine | Network and Security Administrator | 120 Boylston Street  Boston, MA  02116-4624 | (617) 824-8972 | 
Dennis_Levine () emerson edu<mailto:Dennis_Levine () emerson edu> | www.emerson.edu
[emerson]

Current thread:

ISO and Record Management Dennis Levine (Jul 31)
- Re: ISO and Record Management Shamblin, Quinn (Jul 31)
  - Re: ISO and Record Management Theresa Semmens (Jul 31)
- Re: ISO and Record Management Emilie Kunze - ACC (Jul 31)
  - Re: ISO and Record Management randy (Jul 31)
    - Re: ISO and Record Management Walters, Caroline (cw8de) (Aug 01)