A Sampling of IT Compliance in Higher Education – 2010

Slides:

Advertisements

Similar presentations

North Carolina Office of the State Auditor Honesty Integrity Professionalism.

Advertisements

Risk Management at Harvard – Panel Discussion Harvard IT Summit

Board of Governors January 27, 2014 Update on Enhanced Planning.

1 The CMO – One Size Fits All? Jake Julia, Ph.D.Brenda Sprite Northwestern UniversityNavigator Management Partners Session Presented at the Inaugural Global.

Enterprise Security A Framework For Tomorrow Christopher P. Buse, CPA, CISA, CISSP Chief Information Security Officer State of Minnesota.

Budgeting at Penn and within Vice Provost for University Life (VPUL) My View: William Turner June,

Data Management Awareness January 23, University of Michigan Administrative Information Services Data Management Awareness Unit Liaisons January.

Internal Control Concepts A Guide for Deans, Directors, and Department Chairs.

Paradise Valley Community College Ways to Fit Security Risk Management to Your Environment Using the OCTAVE Methodology Tailoring OCTAVE at Maricopa Community.

Information Technology Audit

Peer Information Security Policies: A Sampling Summer 2015.

Professor Dolina Dowling

Central Piedmont Community College Internal Audit.

Audit and Fiscal Oversight Responsibilities VAVRINEK, TRINE, DAY & CO., LLP December 15,2010.

Establishing A Compliance Program: It Makes Sense

The Impact of Evolving IT Security Concerns On Cornell Information Technology Policy.

Franca Mancini, PhD, LPC Director of Counseling and Psychological Services Shannon Killeen, MA Assistant Vice President for Student Services T RANSITIONS.

1 Planning and Programming for Effective Use of External Audit Resources Victor Rezendes Managing Director Strategic Issues U.S. General Accounting Office.

Educause Live! August 3, USA PATRIOT Act and Beyond: How Higher Education Institutions and Libraries are Cooperating and Coping Marilu Goodyear CIO.

Building A Bridge from Central Administration to Departments, Centers and Institutes Mary E. Schmiedel, JD, CPCM Georgetown University Mary Glasscock Georgetown.

Dr. Bhavani Thuraisingham Information Security and Risk Management June 5, 2015 Lecture #5 Summary of Chapter 3.

Moving Towards Information Literacy Through Data Governance

Sexual Violence Policy Development

Welcome and Introduction January 11, 2017

Making Cross-campus, Inter-institutional Collaborations Work

Information Security Program

What is the Fiscal Control and Internal Auditing Act (FCIAA)?

Office of Planning, Research, and Institutional Effectiveness

The Evolution of the Registrar’s Office: Four-Year Perspective

Becoming a Career Services Director: Planning or Chaos? Pat Donahue

IT Audit Processes and Audit

Well Trained International

EHRA Performance Evaluation

Designing Effective Accommodation Plans in Clinical Placement & Internship Settings

Position Descriptions for Public Health Informaticians

The Role of Financial Leadership in a Challenging Economic Climate “Financial Management from a Provincial Perspective” Presented by: Bruce L. Bennett.

Trust, Accountability and Integrity: Board Responsibility for

You Say You Want a Revolution:

Internal and Governmental Financial Auditing and Operational Auditing

Hampshire County Council Adult Social Care

Chapter 9 Control, security and audit

The EDUCAUSE 2018 Top 10 IT Issues

American Mathematical Society

Contract Approvals & Signature Authority

Transforming IT Management

Please don’t Go: Avoiding

IT Development Initiative: Status and Next Steps

Fix it or Forget it? Dealing with Troubled Projects

General Counsel and Chief Privacy Officer

Aligning Our Organization & Strategic Vision

Welcome to Penn State’s 2017 New Faculty Orientation

Enterprise Risk Management

Information Technology Policy Institutional Data Policy

Protecting Student Data/ Financial Aid Data Sharing

Welcome to Penn State’s 2018 New Faculty Orientation

UA Workplace Experience Survey - Chime in!

American University of Beirut

Dealing with your GDPR Challenges

Assistant Vice President and Chief Technology Officer

The EDUCAUSE 2019 Top 10 IT Issues

Creating a More Effective Senate by Establishing Strong Relationships

Fundamentals of Inclusive Governance

Sample Reviewer Questions

Managing Housing for Sustainability and Viability

Best Practices – Winning New Business

John Stanskas, ASCCC President Kelly Fowler, CCCCIO President

The Equity Office April Castañeda

The EDUCAUSE 2019 Top 10 IT Issues

Conflict of Commitment and Outside Activities APM 025

Presentation transcript:

A Sampling of IT Compliance in Higher Education – 2010 Phyllis Bernt Professor of Information and Telecommunication Systems Scripps College of Communication Ohio University Matthew Dalton Information Security Officer Office of Information Technology Ohio University

Some stats about the survey Number of responses 160 States represented 38 Carnegie Classifications 14 Dates of the Survey May 13, 2010 – June 14, 2010

Who completed the survey? Assistant Dean - 2 Assistant Director - 3 Associate Provost - 4 Associate Vice President - 4 Chief Financial Officer - 1 Chief Information Officer - 53 Chief Information Security Officer - 4 Chief Information Technology Officer - 2 Chief Privacy Officer - 1 Chief Technology Officer - 4 Compliance Coordinator - 1 Consultant - 1 Coordinator - 1 Dean - 4 Director - 38 Enterprise Architect - 1 Executive Director - 8 Information Security Officer - 4 Information Technology Policy Officer - 1 Manager - 2 Professor - 2 Senior Director - 3 Special Assistant - 1 Vice Chancellor - 4 Vice President - 18 Vice Provost - 1

When was your compliance effort started?

What triggered your compliance initiative?

Current Compliance Practices

Compliance Staff (FTE) by Carnegie

Who supports compliance efforts?

IT Compliance is assigned to:

Compliance Demands and Response

Standards used in Compliance Efforts

Methods for Addressing Compliance

Challenges in Compliance

What is the biggest challenge?

“We have had state and system requirements for compliance and auditing for many years. The role of compliance has grown exponentially, however, over the past 10 years.” “security awareness programs are difficult to sell when limited resources are constantly being chopped at by other ‘more important’ projects.” [IT compliance environment is] “getting better but need to work with community more, challenge [is we] must work on more communications and public relations.” “one of the challenges we face now is that there is uncertainty regarding which laws and contractual obligations we, as a college, must comply with.” Challenge – ‘Balancing IT security practices and academic freedom.’

“IT personnel need to be reminded occasionally and told that they cannot function without ensuring that the campus is aware of what is being done. It is as constant battle to keep them from reverting back to making changes on the fly in a production system.” “I think the college must recognize that Information Security can be implemented within higher education without affecting the ‘open’ environment often associated with it. Information security is not always saying ‘No,’ it is more about adapting industry standard best practices to fit within the institution.” “My biggest success has been to gain the respect of key decision makers and ‘influencers’ throughout the campus. Mainly the respect was earned through listening, responding thoughtfully and having a plan ready before the need for the plan surfaced.”

“We have had state and system requirements for compliance and auditing for many years. The role of compliance has grown exponentially, however, over the past 10 years.” Challenges – “Too few compliance staff people who really understand IT; the ever-increasing complexities of providing a safe IT environment; lack of understanding of the issues at the executive level.” “The fiscal realities of our college, system, and state have made it difficult to hire new or additional staff.” “I look at compliance with an eye toward enabling safe academic freedom and research. This means instead of restricting activity or data sharing, supporting activity and data sharing within a framework that protects key data, but does not arbitrarily establish end-user constraints.”

Challenges “Too few compliance staff people who really understand IT; the ever-increasing complexities of providing a safe IT environment; lack of understanding of the issues at the executive level.” “Faculty, staff, and administration spend time developing methods to improve and enhance the learning environment and I try to work with them instead of against them.” “Currently, compliance is no one’s primary responsibility. It is one of many ‘add on’ responsibilities for a number of folks.” “It [current IT compliance environment] grew out of the questions and reports our auditors began asking about four years ago.” “security awareness programs are difficult to sell when limited resources are constantly being chopped at by other ‘more important’ projects.”