EDUCAUSE Security Professionals Conference

Slides:

Advertisements

Similar presentations

Board Governance: A Key to Quality Organizations

Advertisements

Philippine Cybercrime Efforts

Security Education and Awareness Workshop January 15-16, 2004 Baltimore, MD.

Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, This work is the intellectual property rights of the author.

Developing Information Security Policy. Why is Developing Good Security Policy Difficult? Effective Security/IA Policy is more than locking doors and.

Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.

© 2003, EDUCAUSE/Internet2 Computer and Network Security Task Force Computer Access, Privacy and Security: Legal Obligations and Liabilities Rodney J.

Enterprise Security. Mark Bruhn, Assoc. VP, Indiana University Jack Suess, VP of IT, UMBC.

Strategic Management of IS/IT: Organization and Resources

Canolfan Dysgu Cymraeg Genedlaethol

Orphaned Servers and Broken Processes 2007 Security Professionals Conference April 12, 2007.

Computer and Network Security Issues –the Security Officer’s Perspective Jeff Savoy, Information Security Officer.

Seminars on Academic Computing Addressing Organizational Development at Collab State University August 5, 2007.

General Capacity Building Components for Non Profit and Faith Based Agencies Lakewood Resource and Referral Center nd Street, suite 204 Lakewood,

Atlanta Schools Technology Plan Tasha Ellis Argosy University Dr. Regina Merriwether June 19, 2010.

DATA IT Senate Data Governance Membership IT Senate Data Governance Committee Membership Annie Burgad, Senior Programmer, Central IT Julie Cannon, Director.

IT Security Policies and Campus Networks The dilemma of translating good security policies to practical campus networking Sara McAneney IT Security Officer.

Solano County Office of Education Jay Speck Solano County Superintendent of Schools.

REPRESENTING EMPLOYER ORGANIZATIONS THROUGHOUT THE WORLD Daniel Funes de Rioja IOE Executive Vice-President IOE Vision Statement Meeting of IOE European.

1 EDUCAUSE Mid-Atlantic Regional Conference Top Strategies for Working with Stakeholders: Synopses of Recommendations from the Identity Management Summit.

Teaching Network Security - Lessons Learned Homeland Defense and Security Education Summit February 27 &28, 2007 Margaret Leary Associate Professor Northern.

School Leadership Evaluation System Orientation SY12-13 Evaluation Systems Office, HR Dr. Michael Shanahan, CHRO.

Cyber Security Phillip Davies Head of Content, Cyber and Investigations.

Building Community through Inclusive Excellence

Earth’s Mightiest Heroes: Combating the Evils Lurking in Cyberspace

Principles of Good Governance

BruinTech Vendor Meet & Greet December 3, 2015

Making Cross-campus, Inter-institutional Collaborations Work

Collaborative Innovation Communities: Bringing the Best Together

Effectively engaging everyone in it governance

Transforming Administration Program

University Wide Vulnerability Scanning Program

Updating the Value Proposition:

Cybersecurity - What’s Next? June 2017

Strengthening CIO and CISO Collaboration on Security and Privacy

Leadership and the Future of Information Technology in Higher Education October 15, 2012 Presented by: John Gregory, Chief Information Officer, University.

Condensing the Cloud Developing a Coordinated Organizational Approach Towards Service Sourcing Bruce Maas, Chief Information Officer Melissa Woo, Acting.

Cybersecurity Education & Awareness Overview

The Marshall University Experience with Implementing Project Server 2003 August 9, 2005 Presented by: Chuck Elliott, M.S. Associate Director, Customer.

Educause Mid-Atlantic Conference

Beaver County Behavioral Health

HERE Seminar “Universities and social engagement”

Organization and Knowledge Management

COMBASE - America's Newest Entrepreneurial Organizations

Developing v. Measuring Teachers A Growth Model

CIO and Executive IT Leader Roundtable

Enterprise Roles and Structures:

America’s First National Critical Infrastructure Exercise

Protective Security Advisor Program Brief

Research for all Sharing good practice in research management

Critical Element: Faculty Commitment

Cybersecurity Special Public Meeting/Commission Workshop for Natural Gas Utilities September 27, 2018.

Knowledge Translation

Assistant Vice President and Chief Technology Officer

A Funders Perspective Maria Uhle Co-Chair, Belmont Forum Directorates for Geosciences, US National Science Foundation.

Larry Conrad, Co-Chair and CIO at UNC-Chapel Hill

EDUCAUSE Security Professionals Conference 2018 Jason Pufahl, CISO

MIS 5202 Welcome to IT Governance

Deschutes County Sheriff’s Office Emergency Services Manager

Diversity & Inclusion at UCONN

DSC Contract Management Committee Meeting

2009 Listening Sessions 2001 Visioning Focus Visioning

IEEE IT (Information Technology) Strategy – 2005

IT and Audit Building a Security Aware Culture

DSC Contract Management Committee Meeting

THE 10 x 10 RESILIENCE FRAMEWORK

Andrew GAnucheaU Director of LACAL

AISC Student Club [school] club proposal.

Liberian-German Cooperation in Health Strengthening Gender Equality – The Gender Audit Report – 2018 As part of the feedback a short presentation.

PROF-W10 Up for a Challenge? Learn How to Become a Successful Higher Education CISO Joanna Grama EDUCAUSE Neal Fisch Randy Marchany Tina Thorstenson California.

Presentation transcript:

EDUCAUSE Security Professionals Conference Building a Culture of IT Security Awareness May 7, 2014

The tale of two campuses

IT Security Awareness a Process Foundation Build relationships Build Culture Resources, Training & Service Multi-layer approach Emerging Challenges Opportunities CISO Frustrations

Foundation Start in ITS Ensure CIO support Establish Chief Information Security Officer Establish IT culture Develop program(s) in accordance with industry standards and generally accepted security principles Understand environment and context as it relates to Security Understand any decentralized organizations or other areas of sensitivity Establish short and long term awareness goals and measures Establish strategic buy in at the executive level

Build Relationships Meet key stakeholders Establish viable and robust working relationships Create or utilize campus governance/organizations Develop a community approach conveying the idea of "What's In IT For Me?" Be supportive of the initiatives of others within the organization Build infrastructure and services to support decentralized IT organizations Formalize relationships and responsibilities

Activity: Governance & other organizations Who are the key stakeholders? What governance or other organizational structures do you use? Who are the members?

Build Culture/Empower Give the principal parties responsibility and resources/support for securing data Develop an operational non-punitive climate that is information security conscious Embed IT Security into everything Offer training, support and services Establish processes with units across campus Provide debriefs and documentation if/when necessary Be a resource; be proactive

Resources,Training & Services Empower data stewards and others Participate in faculty, staff and student orientation Provide scans or other services for decentralized IT Establish CBTs (or other training) for all (central and decentralized) System Admins Provide just in time training Develop presentations Train administrators such as Student Affairs officers on DMCA

Activity: How do you keep your campus informed? Phishing Vulnerabilities DMCA/RIAA Viruses Etc…

Layers Orientations DMCA & Safe computing in ITS comprehensive new student communication Security Corner in every ITS Bulletin Presentations across campus Regional and National organizations and activities Endpoint/data protection, free antivirus, anti- phishing campaign, Be Safe campaign

Emerging Challenges BYOA Work from anywhere ID Management Social networking Cloud Others?

Opportunities Utilize these to establish ongoing buyin: Educause Cybersecurity month DR/BC planning Incidents in the news Legal/Audit Organizations/governance

Source of CISO Frustrations Unresourced expectations Inconsistency in policy/rule enforcement "It won't happen to us" attitude "It's gonna happen and we can do anything about it." It's ITs problem

Samples

"Information Security is Everyone's Business" Remember When It Comes to se U R IT y