Policy Pickles at Sueme U Seminars in Academic Computing 2005 – Case 5.

Slides:

Advertisements

Similar presentations

Planning Collaborative Spaces in Libraries

Advertisements

Georgia State University 2003 A Ten Step Approach to Developing an Information Security Program Bill Paraska Director of University Computing.

Carolyn M. Byerly, Ph.D., professor Department of Journalism and Graduate Program in Mass Comm & Media Studies TENURE: BASIC INFO AND ISSUES.

Making Sense out of the Information Security and Privacy Alphabet Soup in terms of Data Access A pragmatic, collaborative approach to promulgating campus-wide.

Institutional Insurance: Creating a Comprehensive Campus-wide IT Security Risk Management Program Brian Davis IT Security & Policy Office of Information.

TDL Labs Partnerships for Exploration Luis Francisco-Revilla, Unmil P. Karadkar School of Information The University of Texas at Austin.

Data Incident Notification Policies and Procedures Tracy Mitrano Steve Schuster.

Acceptable Use Policy (AUP) What does it actually say? Why is it necessary?

A Model for IT Policy Development Marilu Goodyear & Beth Forrest Warner University of Kansas Educause 2001October 29, 2001.

1 Penn State’s Identity & Access Management Initiative “It’s all about who you know … and what you know about them”

Serving the Research Mission: An Approach to Central IT’s Role Matthew Stock University at Buffalo.

SEM Planning Model.

Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason.

Information Security Policies and Standards

Institutional Effectiveness Operational Update Presentation made to the Indiana State University Board of Trustees October 5, 2001.

IN SUPPORT OF FACULTY EMERGENCY AND SAFETY PREPAREDNESS Senate Resolution 1007.

Be a Part of Something Great! Learning Communities at Wayne State.

FAS and the Balanced Scorecard Building a Data-Driven and Strategy-Focused Organization.

Enterprise Financial System Project Overview & Update Council of Research Associate Deans March 22,

UWM CIO Office A Collaborative Process for IT Training and Development Copyright UW-Milwaukee, This work is the intellectual property of the author.

Pam Downs Ajay Gupta The Pennsylvania Prince George’s State University Community College "Copyright Penn State University This work is the intellectual.

Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.

Affiliated Information Security Collaborative An Affiliated Enterprise Approach to Information Security Deans and Vice Presidents Meeting April 17, 2014.

Unraveling Web Development PRESENTERS: Bob Nakles and Paras Kaul, George Mason University.

Copyright © Center for Systems Security and Information Assurance Lesson Eight Security Management.

UNCW Institutional Risk Management IRM Overview and Policy Development & Implementation Plan Overview.

UNLV Data Governance Executive Sponsors Meeting Office of Institutional Analysis and Planning August 29, 2006.

© 2003, EDUCAUSE/Internet2 Computer and Network Security Task Force Computer Access, Privacy and Security: Legal Obligations and Liabilities Rodney J.

1 A Change Model for Building and Maintaining a Successful Campus DE Strategy A. Darryl Davis  January 28, 2003 This work is the intellectual property.

Ann Murphy, Office of the Chief Administrative Officer NOAA Trusted Agent Training Silver Spring, MD October 2014 National Oceanic and Atmospheric Administration.

Peer Information Security Policies: A Sampling Summer 2015.

EASTERN MICHIGAN UNIVERSITY Continuity of Operations Planning (COOP)

1. What is the DMCA? Digital Millennium Copyright Act. Signed into law in Provides the legal framework for copyright holders to claim copyright.

MAV Environment Conference Changes, new initiatives and directions - councils’ environmental obligations in 2014 and beyond.

University Strategic Resource Planning Council Budget.

Value & Excitement University Technology Services Oakland University Information Technology Strategic Planning Theresa Rowe October 2004 Copyright Theresa.

NERCOMP 2002 Networks, Town and Gown: Collaborating with the Community Pat Cronin & Bill Davis Bridgewater State College Bridgewater, Massachusetts Copyright.

Information Technology Services In Progress Review July 15, 2008.

1 Strategic Thinking for IT Leaders View from the CFO Seminars in Academic Computing Executive Leadership Institute.

Moving the Masses: Building a Collective Approach to Outcomes Assessment Beth Wuest, Director Academic Development and Assessment Lisa Garza, Director.

WORLD INTELLECTUAL PROPERTY ORGANIZATION INDUSTRIAL PROPERTY OFFICE OF THE CZECH REPUBLIC WIPO’s Support in Development of Intellectual Property (IP) Strategies.

1 Canons of Practice: the Washington State University Experience Ronald C. Faas Extension Economist Emeritus Collaborators on Canons project Emmett P.

Family Service System Reform Grant Application Training Video FY Donna Bostick-Knox, Pennsylvania Department of Public Welfare, Office of Children.

Minimizing Risk Relating to Sensitive Data Team Members Lori Rounds - CIO Aaron Brown – Network Security James Beasley – Infrastructure Architect Wendell.

Policy and IT Security Awareness Amy Ginther Policy Develoment Coordinator University of Maryland Information Technology Security Workshop April 2, 2004.

Policy Development at Georgetown: Directory Enabled Applications (and not) Charles F. Leonhardt CSG Winter Meeting Sanibel Harbour,

Safeguarding Research Data Policy and Implementation Challenges Miguel Soldi February 24, 2006 THE UNIVERSITY OF TEXAS SYSTEM.

1 Development of STRATEGIC PLAN through DEVELOPMENT STEPS.

Meeting the ‘Great Divide’: Establishing a Unified Culture for Planning and Assessment Cathy A. Fleuriet Ana Lisa Garza Presented at the 2006 Conference.

Developing an Enterprise-Wide Privacy and Data Security Training Program Ross T. Janssen, J.D., CIPP Privacy & Security Officer University of Minnesota.

The Impact of Evolving IT Security Concerns On Cornell Information Technology Policy.

Converting Policy to Reality Designing an IT Security Program for Your Campus 2 nd Annual Conference on Technology and Standards May 3, 2005 Jacqueline.

New Frameworks for Strategic Enrollment Management Planning

1 Effective Incident Response Presented by Greg Hedrick, Manager of Security Services Copyright Purdue University This work is the intellectual property.

Enterprise IT Decision Making Governance Amy Gee, Portfolio Manager, EITDM Office of the CIO.

The Evolving Scholarly Record in the Campus Context Sarah M. Pritchard March 23, 2015.

Our conclusions: 1.It is in the best interest of both faculty and students for faculty to inform students of their classroom recording policies. 2.Recording.

The Committee will: Assess and report on technology resources, status and needs. Create concept papers in support of strategic directions approved by.

IT Governance Purpose: Information technology is a catalyst for productivity, creativity and community that enhances learning opportunities in an environment.

Computer Science / Risk Management and Risk Assessment Nathan Singleton.

SOFTWARE PIRACY & WORKPLACE ETHICS. What Is Software Piracy? Unauthorized copying/installation/use Unauthorized distribution or sale.

Principles of Good Governance

Decentralization in a Centralized IT Environment

Records Management New policies and procedures

Information Technology Policy Institutional Data Policy

Colorado state university-pueblo policy and administration (PA)

UGANet Meeting January 7, 2004

Strategies for Strategic Enrollment Planning Communications

Information Technology Organization Overview RFP #220-05

Presentation transcript:

Policy Pickles at Sueme U Seminars in Academic Computing 2005 – Case 5

Case 5 Team  Lavon Frazier, WSU  Chris Haile, SUNY at Albany  Eileen Heveron, National  Brad Hough, Covenant Sem.  Pam McQuesten, Cal State

Presentation Overview  Background  Findings  Recommendations  Action Plans

Presentation Overview  Background  Findings  Recommendations  Action Plans

Institution  Comprehensive state institution  17,000+ students 60% commuter, 40% residential  3,000+ faculty and staff  Dramatic growth in past 10 years  Strong centralized IT Services

Situation  New (first) CIO  Generally good IT infrastructure  Isolated complaints about IT related problems  Minimal IT policies in place  CIO recognizes seriousness of situation

CIO’s Assessment  General IT policies in place, but even those are loose No signature required on AUP Passwords changes not required No rules for use of services (e.g., mass s by all, private servers)  Experiencing bandwidth problems

CIO’s Assessment (cont.)  Access to network and data not appropriately controlled Labs open for public use Access requests granted by IT staff  Exceptional number of copyright violation notices  Issues of academic freedom

Presentation Overview  Background  Findings  Recommendations  Action Plans

Consultant Findings  CIO’s assessment is valid  Situation extends beyond the IT department to entire campus  Policies are inadequate  Risk is high

Consultant Findings (cont.)  Existing policy framework will serve the institutional needs Regular policy review ( policy owner is responsible, at least every 3 years) Policies/changes proposed to President’s Cabinet Approved by Cabinet and President

Presentation Overview  Background  Findings  Recommendations  Action Plans

Recommendations  Put needed IT policies in place Create IT Policy Council Agree on guiding principles Develop needed policies  Educate university community to gain compliance

IT Policy Council  Representation from every major constituency group Faculty, staff, and students University citizens (not technical reps) Ability to see the big picture  Review and recommend policy and policy changes  May develop institutional standards

Guiding Principles  Policies need to be developed in light of the university’s mission  Institutional data is a strategic asset  Network is a community resource  Policies must balance academic freedom, security, and privacy

Policy Development Priorities  Appropriate Use Policy  Data Policy  Network Policy  Digital Copyright Policy  Intellectual Property Policy  Web Policy  Policy

Policy Format  Business need for the policy  Policy statement itself  Complete explanation of policy  Consequences for violations  Identification of policy owner  Appendix with current standards

Policy Enforcement  Clearly state consequences in the policy  Use existing disciplinary procedures based on the person’s role at the institution

Policy Education  Announcement by the President  Published on web and in campus newspaper(s)  Reinforced by policy owner through multiple channels  Policy awareness/education as ongoing IT activity

Presentation Overview  Background  Findings  Recommendations  Action Plans

Action Plans  Take immediate measures to mitigate risk Build awareness of risk with IT staff to gain their buy-in for change Notify President’s Cabinet that CIO is taking immediate mitigation actions Tighten IT practices  Conduct review of current departmental issues

Action Plans (cont.)  Begin to educate stakeholders about departmental and institutional issues  Build stakeholder awareness of the problem of lack of policies – Dean’s Council, Faculty Senate, President’s Cabinet, etc.  Review IT policies at peer institutions

Action Plans (cont.)  Gain buy-in from VPs for IT Policy Council  Begin series of regular executive briefings for mid- and senior-level managers

Policy Pickles at Sueme U Questions?