Please bear with me - this is an odd request ...

[Chad Tracy <ctracy () BATES EDU>]

Hope everyone had a much deserved Thanksgiving break.

I am three months into a newly created security position at an institution
that never had a dedicated person to fill the role. I have been asked to
put together a reading for the Board of Trustees regarding a case study or
some in depth description of a security incident that an institution in
higher education had and what the school did to right itself and any sort
of cost associated with it? The end game is to show the members of the
board the importance of this area. *There may be easier ways to show the
importance but I am sure some of you can probably raise their hand to
having to fulfill a request for the board... :) *

Has anyone ever seen such a report or maybe even completed one themselves?
Maybe the report covered such things as:

How the institution dealt with possible:

reduced donations after the breach,
reputational damage (*I am not sure if this can be measured anymore... are
people becoming so desensitized by breaches that they just shrug them off
nowadays?*),
reduced enrollment.

Costs of remediation:

purchasing technology/services to remediate

hiring of staff

Thank you for your time and feel free to reach out offline either through
email or phone.

Cheers,

Chad



-- 
Chad Tracy
Director of Information Security, Policy and Compliance
Bates College
207 786-6491