Re: Executive IT Security Report

[Bonnie Johnson <bjohnson47 () ROOSEVELT EDU>]

Dean,

I’m developing this “framework” to create a common language for conversations with executives and the community at 
large.  A picture is worth a thousand words, etc.  I can highlight the areas in which work is in progress in reports.  
This is a work in progress, some are placeholders.

My role is new, I haven’t started the report yet but interested to see what others have developed.


Bonnie Johnson | Director, Information Security | Roosevelt University |
430 S. Michigan Ave, AUD 362| Chicago, IL 60605-1394 |
PH: 312-341-6352 | FAX: 312-341-3858 | bjohnson47 () roosevelt edu<mailto:bjohnson47 () roosevelt edu>

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dean 
Halter
Sent: Wednesday, February 04, 2015 9:26 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Executive IT Security Report

We are being asked to provide our senior management with a meaningful monthly report to demonstrate how we are doing 
currently and improvement over time with respect to IT security.  Have any of you identified a good set of metrics you 
use for this purpose?  If any of you have a report that you use for this purpose that you would be willing to share, it 
would be greatly appreciated.

Thanks,
Dean
___________
Dean Halter, CISA, CISSP
IT Risk Management Officer, UDit
University of Dayton

"Security is a process, not a product."  Bruce Schneier

Attachment: Security Framework 011215.pdf
Description: Security Framework 011215.pdf