Educause Security Discussion mailing list archives

Re: We're number one! (Is that a good thing?)


From: "Hoerr, Jason U." <jhoerr () ALBRIGHT EDU>
Date: Thu, 1 Feb 2018 21:14:50 +0000

Well said Michael.  

The application of security practices can greatly impact Privacy and vice versa.  Both disciplines need to comprehend 
the objectives of the other in the context of their intersections in their separate domains.

Jason

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Corn, 
Michael
Sent: Thursday, February 1, 2018 3:44 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] We're number one! (Is that a good thing?)


Having worn both hats, I've finally come around to believing in this separation as well. With one caveat: Security 
professionals need to embrace and have embedded in their DNA privacy principles (just as we ask others to do so with 
security principles). Security remains on the tip of the privacy spear in many situations.
MC

----------------------
Michael Corn | Chief Information Security Officer mcorn () ucsd edu
University of California San Diego | ITS - Information Technology Services
10280 N. Torrey Pines Road, Suite 255 | La Jolla CA 92093 MC 0928 cybersecurity.ucsd.edu | esr.ucsd.edu

________________________________________
From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Hart, Michael 
<mhart20 () MSUDENVER EDU>
Sent: Thursday, February 1, 2018 12:39:01 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] We're number one! (Is that a good thing?)

+1 on the separation of Security and Privacy.  If there's a copy of this statement around, I'd also like access if 
possible.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Pitt, 
Sharon
Sent: Thursday, February 1, 2018 1:24 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] We're number one! (Is that a good thing?)


OK, partner in crime, I'll rant.



It's been a long time since we wrote our response to the Top Ten IT Issues list wrt security and privacy and I've 
got something to add.



For context of this rant, I first applaud the organizers of the ELI Annual Meeting for inviting Jules Polonetsky of the 
Future of Privacy Forum to speak about navigating privacy and trust in an era of big data.  It was a great session and 
very important for our teaching and learning community to see.



At the end, I asked a question about our #1 Issue, with the thought that we should not lump security and privacy 
together.  In other words, moving forward, we should separate these as two concerns.  He agreed, and made a beautiful 
and respectful statement (that I cannot for the life of me recreate) about the distinct, but complementary, differences 
between these two concerns.  (I don't know if slides or a video is available, but it would certainly be great to share 
if that exists.)



It seems that both privacy concerns and security concerns are increasing and increasingly disruptive.  I don't see our 
community getting a handle on all of these issues unless we break them apart and begin to address them as separate 
issues.  And then, maybe then, Privacy will be the #1 issue.  Or not.



Sharon








Sharon P. Pitt
Vice President of Information Technologies
University of Delaware
030 Smith Hall
Newark, DE 19716
(302) 831-0221


spitt () udel edu
twitter@sppitt

________________________________
From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Corn, Michael 
<mcorn () UCSD EDU>
Sent: Thursday, February 1, 2018 1:43:03 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] We're number one! (Is that a good thing?)

Good morning (at least on the west coast) everyone,

As you might have noticed, EDUCAUSE released the Top 10 IT Issues list yesterday. The article and associated resources 
are available here: https://www.educause.edu/research-and-publications/research/top-10-it-issues-technologies-and-trends

Information Security is #1 on the list again, and a number of materials have been published in conjunction with the 
main IT Issues article to talk about information security:

* An interview with HEISC co-leaders about information security in higher education: http://er.educause.edu/articles/2018/1/the-third-times-the-charm-information-security-at-the-top-of-the-list-again

* A new guide on developing a security strategy: https://www.educause.edu/guides/developing-a-risk-based-security-strategy-in-higher-education

I'm curious what this security community thinks security showing up at the top of the list means. Personally, I go 
back and forth between believing it means we're doing a great job at keeping attention on InfoSec, and believing we 
must be doing a terrible job if it's still getting this kind of attention. It's also tempting to ask if this ranking 
has something to do with how CISOs and CIOs communicate and what we're saying to each other (and what it says about 
the different perspectives of each).

In addition - regardless of why we remain on the top of the list, is there more we should be doing as a community to 
evolve higher ed information security practices? Should we be doing things differently? Is there some collective way to 
bring our industry forward? What should we focus on? What are the resources that we need (publications, guides, time, 
money, etc.) to effect change? How can we make the security discussion strategic and not merely another discussion 
around the operational control du jour?

Thoughts? Rants? It'd be great to get a conversation going in this forum, MC

----------------------
Michael Corn | Chief Information Security Officer mcorn () ucsd edu
University of California San Diego | ITS - Information Technology Services
10280 N. Torrey Pines Road, Suite 255 | La Jolla CA 92093 MC 0928 cybersecurity.ucsd.edu | esr.ucsd.edu

