Educause Security Discussion mailing list archives

Re: Security and Privacy Positions - FTEs

From: Chad Tracy <ctracy () BATES EDU>
Date: Mon, 8 Oct 2018 10:00:12 -0400

Morning everyone.

1. how many of your security offices are responsible for Privacy.

I am at a small liberal arts school and I am the only FTE for security...
my role also includes privacy and compliance.


2. How many full or part time dedicated staff you have to focus on
Privacy.  Title of position(s) if applicable.

I am the only one - my title is Director of Information Security, Privacy
and Compliance (mouth full I know ....)


3.  Brief scope of statement of Privacy at your institution ( roles,
responsibilities, and the best- authority).

So much of what encompasses my job deals with all three facets (security,
privacy, and compliance).  I tend to feel that privacy is about controlling
who has access to information (a lot of this can be done with Varonis as
well as a well oiled IDM solution) and security is how one maintains
control. As I work with departments on contracts and such I am asking them
to ensure that there is a business need for each data element in scope.
Most recently we had a rewrite of our Web Privacy Policy (still working
through it) to make it more in line with GDPR - having a handle on what you
actually are collecting and why you need it really helped in getting an
effective policy.

Always happy to chat.

Cheers,

Chad

On Mon, Oct 8, 2018 at 8:59 AM Cathy Hubbs <hubbs () american edu> wrote:

Good morning everyone,
There is talk of adding Privacy to the office of the CISO ( security
program equivalent) at our university.

I am interested in learning more about...

1. how many of your security offices are responsible for Privacy.

2. How many full or part time dedicated staff you have to focus on
Privacy.  Title of position(s) if applicable.

3.  Brief scope of statement of Privacy at your institution ( roles,
responsibilities, and the best- authority).

Thank you!

More than happy to take answers/conversation offline.

Cathy Hubbs, CISO
American University
Washington DC




-- 
Chad Tracy
Director of Information Security, Policy and Compliance
Bates College
207 786-6491

Current thread:

Security and Privacy Positions - FTEs Cathy Hubbs (Oct 08)
- Re: Security and Privacy Positions - FTEs Semmens, Theresa (Oct 08)
- Re: Security and Privacy Positions - FTEs Gregg, Christopher S. (Oct 08)
- Re: Security and Privacy Positions - FTEs Chad Tracy (Oct 08)