Educause Security Discussion mailing list archives
Re: Results for July HEISC Survey on Current Risks & Top Issues
From: "Corn, Michael" <mcorn () UCSD EDU>
Date: Wed, 19 Jul 2017 01:56:50 +0000
Thanks Val,

Out of curiosity, what's the oldest HEISC survey and what were the top 5 then? It's curious to see - training - funding - malware so persistently appear, and while I'm sure the perceived importance of some of these have changed over the last 20 years, they're so systemic that I wonder if it's time to ask why they keep appearing. It would be interesting to see if our actual commitment of resources aligns with the reported 'top' issues.

Similarly, since phishing so clearly rises to the top (as it did here in a conversation among the UC CISOs), and since almost everyone is presumably spending serious dollars fighting phishing, should the follow-up question be "why the heck haven't we solved this yet?" which could be interpreted any number of ways. Are we shifting spending to fight phishing or are we increasingly relying on the 'free' anti-phishing technologies provided by the big two? And thus getting what we paid for.

thanks for the summary, interesting as always,

MC

----------------------
Michael Corn | Chief Information Security Officer
mcorn () ucsd edu
University of California San Diego | ITS - Information Technology Services
10280 N. Torrey Pines Road, Suite 255 | La Jolla CA 92093 MC 0928

________________________________________
From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Valerie Vogel <vvogel () EDUCAUSE EDU>
Sent: Tuesday, July 18, 2017 2:59:25 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Results for July HEISC Survey on Current Risks & Top Issues

Good afternoon,

Thank you for responding to our most recent quarterly HEISC survey on current risks and top issues in the higher education community.

The top 5 issues for Q3 (with 57 respondents):

1. Phishing and social engineering
2. Limited resources for the security program (too much work, not enough time or people)
3. Addressing regulatory requirements (PCI, NIST 800-171, etc.)
4. Malware, ransomware, APTs, and zero day vulnerabilities
5. End user awareness, training, and education

And as a reminder, here are the top 5 issues for the first two quarters in 2017.

Top 5 issues for Q2 (with 101 respondents):

1. Phishing and social engineering
2. Limited resources for the security program (too much work, not enough time or people)
3. End user awareness, training, and education
4. Limited funding for the security program
5. Protecting Personally Identifiable Information (reducing end-user storage and access to PII)

Top 5 issues for Q1 (with 114 respondents):

1. Phishing and social engineering
2. Limited resources for the security program (too much work, not enough time or people)
3. End user awareness, training, and education
4. Limited funding for the security program
5. Malware, ransomware, APTs, and zero day vulnerabilities

Thank you,
Valerie

Valerie Vogel
Senior Manager, Cybersecurity Program
EDUCAUSE
Uncommon Thinking for the Common Good
direct: 202.331.5374 | twitter: @HEISCouncil | vvogel () educause edu

Become a Member - Everyone at your organization is an EDUCAUSE member when you join | Access discounts, resources, and valuable peer networks | Discover membership <https://www.educause.edu/about/discover-membership>

Attend the EDUCAUSE Metrics Mania! <https://events.educause.edu/webinar/2017/metrics-mania-using-metrics-to-bolster-your-higher-education-information-security-program> online seminar, August 9, 2017.
Current thread:
- Results for July HEISC Survey on Current Risks & Top Issues Valerie Vogel (Jul 18)
- Re: Results for July HEISC Survey on Current Risks & Top Issues Corn, Michael (Jul 18)