Educause Security Discussion mailing list archives

Re: We're number one! (Is that a good thing?)


From: Grace Lynn Faustino <gfaustin () UNM EDU>
Date: Thu, 1 Feb 2018 21:11:33 +0000

I would like to understand more on the separation of duties when it comes to security and privacy. Sharing of the 
slides will definitely be appreciated. Thanks.

~Grace
 

On 2/1/18, 1:44 PM, "The EDUCAUSE Security Constituent Group Listserv on behalf of Corn, Michael" <SECURITY () LISTSERV 
EDUCAUSE EDU on behalf of mcorn () UCSD EDU> wrote:

    Having worn both hats, I've finally come around to believing in this separation as well. With one caveat: Security 
professionals need to embrace and have embedded in their DNA privacy principles (just as we ask others to do so with 
security principles). Security remains on the tip of the privacy spear in many situations.
    MC
    
    ----------------------
    Michael Corn | Chief Information Security Officer
    mcorn () ucsd edu
    University of California San Diego | ITS - Information Technology Services
    10280 N. Torrey Pines Road, Suite 255 | La Jolla CA 92093 MC 0928
    cybersecurity.ucsd.edu | esr.ucsd.edu
    
    ________________________________________
    From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Hart, 
Michael <mhart20 () MSUDENVER EDU>
    Sent: Thursday, February 1, 2018 12:39:01 PM
    To: SECURITY () LISTSERV EDUCAUSE EDU
    Subject: Re: [SECURITY] We're number one! (Is that a good thing?)
    
    +1 on the separation of Security and Privacy.  If there’s a copy of this statement around, I’d also like access if 
possible.
    
    From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of 
Pitt, Sharon
    Sent: Thursday, February 1, 2018 1:24 PM
    To: SECURITY () LISTSERV EDUCAUSE EDU
    Subject: Re: [SECURITY] We're number one! (Is that a good thing?)
    
    
    OK, partner in crime, I'll rant.
    
    
    
    It's been a long time since we wrote our response to the Top Ten IT Issues list wrt security and privacy and I've got something to add.
    
    
    
    For context of this rant, I first applaud the organizers of the ELI Annual Meeting for inviting Jules Polonetsky of 
the Future of Privacy Forum to speak about navigating privacy and trust in an era of big data.  It was a great session 
and very important for our teaching and learning community to see.
    
    
    
    At the end, I asked a question about our #1 Issue, with the thought that we should not lump security and privacy 
together.  In other words, moving forward, we should separate these as two concerns.  He agreed, and made a beautiful 
and respectful statement (that I cannot for the life of me recreate) about the distinct, but complementary, differences 
between these two concerns.  (I don't know if slides or a video is available, but it would certainly be great to share 
if that exists.)
    
    
    
    It seems that both privacy concerns and security concerns are increasing and increasingly disruptive.  I don't see 
our community getting a handle on all of these issues unless we break them apart and begin to address them as separate 
issues.  And then, maybe then, Privacy will be the #1 issue.  Or not.
    
    
    
    Sharon
    
    Sharon P. Pitt
    Vice President of Information Technologies
    University of Delaware
    030 Smith Hall
    Newark, DE 19716
    (302) 831-0221
    
    
    spitt () udel edu
    twitter@sppitt
    
    ________________________________
    From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Corn, Michael <mcorn () UCSD EDU>
    Sent: Thursday, February 1, 2018 1:43:03 PM
    To: SECURITY () LISTSERV EDUCAUSE EDU
    Subject: [SECURITY] We're number one! (Is that a good thing?)
    
    Good morning (at least on the west coast) everyone,
    
    As you might have noticed, EDUCAUSE released the Top 10 IT Issues list yesterday. The article and associated 
resources are available here: 
https://www.educause.edu/research-and-publications/research/top-10-it-issues-technologies-and-trends
    
    Information Security is #1 on the list again, and a number of materials have been published in conjunction with the 
main IT Issues article to talk about information security:
    
    *       An interview with HEISC co-leaders about information security in higher education: 
http://er.educause.edu/articles/2018/1/the-third-times-the-charm-information-security-at-the-top-of-the-list-again
    
    *       A new guide on developing a security strategy: 
https://www.educause.edu/guides/developing-a-risk-based-security-strategy-in-higher-education
    
    I'm curious what this security community thinks security showing up at the top of the list means. Personally, I go back and forth between believing it means we're doing a great job at keeping attention on InfoSec, and believing we must be doing a terrible job if it's still getting this kind of attention. It's also tempting to ask if this ranking has something to do with how CISOs and CIOs communicate and what we're saying to each other (and what it says about the different perspectives of each).
    
    In addition - regardless of why we remain on the top of the list, is there more we should be doing as a community to evolve higher ed information security practices? Should we be doing things differently? Is there some collective way to bring our industry forward? What should we focus on? What are the resources that we need (publications, guides, time, money, etc.) to effect change? How can we make the security discussion strategic and not merely another discussion around the operational control du jour?
    
    Thoughts? Rants? It'd be great to get a conversation going in this forum,
    MC
    
    ----------------------
    Michael Corn | Chief Information Security Officer
    mcorn () ucsd edu
    University of California San Diego | ITS - Information Technology Services
    10280 N. Torrey Pines Road, Suite 255 | La Jolla CA 92093 MC 0928
    cybersecurity.ucsd.edu | esr.ucsd.edu
    

