Educause Security Discussion mailing list archives
Re: Info Sec at Small Colleges
From: "Barton, Robert W." <bartonrt () LEWISU EDU>
Date: Fri, 9 Mar 2018 20:18:10 +0000
The first thing that shows a need are those regulatory/compulsory items you listed; FERPA, HIPAA, PCI, and the like. Many of those require training, documentation, and information security intelligence. Second item, privacy. Good information security is the enabler of good privacy. You can't say you have a privacy policy if you don't have the other...you can't actually confirm, or maintain privacy. Lastly, if you don't have a CISO/Security person, who is keeping their eye on security? Everybody has a job to do (CIO, Network Director, etc.), but nobody but an information security professional has the focus of security. Some articles on it... https://www.cio.com/article/3048074/careers-staffing/why-you-need-a-cso-ciso.html https://www.cio.com/article/2684892/cio-role/why-your-company-needs-both-a-cio-and-a-ciso.html Robert W. Barton Director of Information Security Lewis University One University Parkway Romeoville, IL 60446-2200 815-836-5663 From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Davis, Chris Sent: Friday, March 09, 2018 1:23 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Info Sec at Small Colleges I apologize if this is a double email for anyone. I sent this question the small college group, but then thought, it might get more traction/attention here. Before my question, a brief background on my school. We are a small Catholic liberal arts university with an enrollment of approximately 1,300 students. We attended a webinar today on GDPR which led to a larger discussion regarding information security. My question to the group is, how do the smaller colleges justify the expenditures required for a decent info sec program to your administration given the size of our institutions. Also, would anyone be willing to hop on a call to discuss info sec programs at small colleges and what you are doing to stay compliant with the various regulatory requirements - PCI, HIPAA, GLBA, Red Flag, FERPA, and potentially, GDPR. Many thanks in advance! Chris Christopher Davis, Ph.D. Chief Information Officer Lourdes University 6832 Convent Blvd. | REH 003P | Sylvania, OH 43560 cdavis () lourdes edu<mailto:cdavis () lourdes edu> CONFIDENTIALITY NOTICE: The contents of this email message and any attachments are intended solely for the addressee(s) and may contain confidential and/or privileged information and may be legally protected from disclosure. If you are not the intended recipient of this message or their agent, or if this message has been addressed to you in error, please immediately alert the sender by reply email and then delete this message and any attachments. If you are not the intended recipient, you are hereby notified that any use, dissemination, copying, or storage of this message or its attachments is strictly prohibited. This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone at (815)-836-5950 and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you.
Current thread:
- Info Sec at Small Colleges Davis, Chris (Mar 09)
- Re: Info Sec at Small Colleges Barton, Robert W. (Mar 09)
- Re: Info Sec at Small Colleges Ken Connelly (Mar 09)
- Re: Info Sec at Small Colleges Colleen Keller (Mar 09)
- Re: Info Sec at Small Colleges Radhakrishnan, Rashmi (Mar 09)
- Re: Info Sec at Small Colleges Hagan, Sean (Mar 09)
- Re: Info Sec at Small Colleges Kurtz, Eric (Mar 09)
- Re: Info Sec at Small Colleges Joanna Grama (Mar 09)
- Re: Info Sec at Small Colleges Robert Smith (Mar 09)