Educause Security Discussion mailing list archives
Re: Security language in all IT job descriptions
From: John Virden <john.virden () UCR EDU>
Date: Tue, 6 Nov 2018 17:51:27 +0000
Andrea, we drafted below wording to insert into non-security position descriptions. Not all in place yet - not a fast moving train. Keeping them high-level for now to gain acceptance.

----------------------------------

Enterprise Solutions - Strong understanding of application development cybersecurity principles and implementation.

Enterprise Infrastructure - Familiarity with cybersecurity defense-in-depth strategies, application and implementation, as well as applicable frameworks.

System Engineering - Knowledge of cybersecurity system hardening and baseline security configurations for both hardware and software.

Campus Networks and Communications - Understanding of network access control, firewall configuration, anomaly detection, and network segmentation specifically regarding cybersecurity and event management.

Academic Technology and Campus Support - Awareness of general cybersecurity concepts such as anti-virus and anti-malware, least privilege, multi-factor authentication as well as knowledge of various compliance frameworks and regulations governing varying types of data.

Financial and Administrative Support - General awareness of phishing and malware, data security, and security frameworks specific to student and financial data.

----------------------------------

Thank you,
John

John Virden
Chief Information Security Officer
University of California, Riverside
951.827.3070 | john.virden () ucr edu

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Andrea Childress
Sent: Tuesday, November 6, 2018 9:34 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Security language in all IT job descriptions

Hello all,

Does anyone have any language in IT (or all employee) job descriptions that requires information security responsibility? We want to add some language to hold people accountable in job descriptions that translate into performance evaluation elements.

If you do, is it the same language for all job descriptions or do you have separate language by job type i.e. system admins are required to patch servers?

We are discussing ideas such as:

- High degree of confidentiality and integrity
- Coordinate and take direction from security standards
- Use security approved tools and resources
- Follow onboarding process for new services and projects
- Communicate and report security incidents and issues to management

Thanks in advance,
Andrea

Andrea Childress
Executive Director
UNK Information Technology Services
Governance, Risk, and Compliance
Cybersecurity and Identity | ITS | 114 Otto Olsen, 68849
University of Nebraska | nebraska.edu
Kearney | Lincoln | Omaha
308-865-8789

Current thread:
- Security language in all IT job descriptions Andrea Childress (Nov 06)
- Re: Security language in all IT job descriptions Kevin Wilcox (Nov 06)
- Re: Security language in all IT job descriptions John Virden (Nov 06)
- Re: Security language in all IT job descriptions Dan Oachs (Nov 07)