Re: enterprise security reporting

[Thomas Skill <tskill1 () UDAYTON EDU>]

Alex,

At the University of Dayton, we have been discussing this extensively.  We
have drafted a report that blends some dashboard-type metrics with some
narrative on recent incidents but we are not convinced that we have the
right mix information for mostly non-technical executives.

We are really interested in better understanding what kinds of information
should be shared with leadership (including our Board Audit Committee).
The concept of a dashboard is very compelling - and finding ways to
automate that would be even better.

Our primary question is similar to yours -- what information should we
include in a monthly and/or annual execute briefing?  I would greatly value
a consensus list from this group that articulates what we believe matters
most to report.

Thanks for surfacing this issue!

Tom

Thomas Skill, Ph.D.
Associate Provost & CIO
Professor of Communication
Office (937) 229-3511
Fax (937) 229-4044

eMail: skill () udayton edu <tskill1 () udayton edu>
Twitter: @skilltd <https://twitter.com/skilltd>
Linkedin: http://www.linkedin.com/in/skilltd

UDit
University of Dayton
300 College Park
Dayton, OH 45469-2230

On Fri, Oct 30, 2015 at 5:27 PM, Alex Jalso <ACJalso () mail wvu edu> wrote:

> Hello Everyone,
>
>
>
> Each month I send a status report in pdf format to each IT Director and at
> the end of the semester I send a progress report to the dean or vice
> president of each college or division.  How are you communicating the
> status of enterprise security to senior management?  Is anyone using a web
> based dashboard?  I’d be happy to share what I’ve done, discuss what worked
> (and what didn’t), and learn what works for you.  Thanks.
>
>
>
> Alex
>
>
>
> Alex Jalso, PMP, CISM
>
> Chief Information Security Officer
>
> West Virginia University
>
> p: 304-293-4457