Presentation is loading. Please wait.

Presentation is loading. Please wait.

EDUCAUSE Security Professionals Conference

Published byRudolph McCoy Modified over 6 years ago

Similar presentations

Presentation on theme: "EDUCAUSE Security Professionals Conference"— Presentation transcript:

1 EDUCAUSE Security Professionals Conference
Building a Culture of IT Security Awareness May 7, 2014

2 The tale of two campuses

3 IT Security Awareness a Process
Foundation Build relationships Build Culture Resources, Training & Service Multi-layer approach Emerging Challenges Opportunities CISO Frustrations

4 Foundation Start in ITS Ensure CIO support
Establish Chief Information Security Officer Establish IT culture Develop program(s) in accordance with industry standards and generally accepted security principles Understand environment and context as it relates to Security Understand any decentralized organizations or other areas of sensitivity Establish short and long term awareness goals and measures Establish strategic buy in at the executive level

5 Build Relationships Meet key stakeholders
Establish viable and robust working relationships Create or utilize campus governance/organizations Develop a community approach conveying the idea of "What's In IT For Me?" Be supportive of the initiatives of others within the organization Build infrastructure and services to support decentralized IT organizations Formalize relationships and responsibilities

6 Activity: Governance & other organizations
Who are the key stakeholders? What governance or other organizational structures do you use? Who are the members?

7 Build Culture/Empower
Give the principal parties responsibility and resources/support for securing data Develop an operational non-punitive climate that is information security conscious Embed IT Security into everything Offer training, support and services Establish processes with units across campus Provide debriefs and documentation if/when necessary Be a resource; be proactive

8 Resources,Training & Services
Empower data stewards and others Participate in faculty, staff and student orientation Provide scans or other services for decentralized IT Establish CBTs (or other training) for all (central and decentralized) System Admins Provide just in time training Develop presentations Train administrators such as Student Affairs officers on DMCA

9 Activity: How do you keep your campus informed?
Phishing Vulnerabilities DMCA/RIAA Viruses Etc…

10 Layers Orientations DMCA & Safe computing in ITS comprehensive new student communication Security Corner in every ITS Bulletin Presentations across campus Regional and National organizations and activities Endpoint/data protection, free antivirus, anti- phishing campaign, Be Safe campaign

11 Emerging Challenges BYOA Work from anywhere ID Management
Social networking Cloud Others?

12 Opportunities Utilize these to establish ongoing buyin: Educause
Cybersecurity month DR/BC planning Incidents in the news Legal/Audit Organizations/governance

13 Source of CISO Frustrations
Unresourced expectations Inconsistency in policy/rule enforcement "It won't happen to us" attitude "It's gonna happen and we can do anything about it." It's ITs problem

14 Samples

15 "Information Security is Everyone's Business"
Remember When It Comes to se U R IT y

Download ppt "EDUCAUSE Security Professionals Conference"

Similar presentations

Board Governance: A Key to Quality Organizations

Board Governance: A Key to Quality Organizations
Philippine Cybercrime Efforts

Philippine Cybercrime Efforts
Security Education and Awareness Workshop January 15-16, 2004 Baltimore, MD.

Security Education and Awareness Workshop January 15-16, 2004 Baltimore, MD.
Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, 2007. This work is the intellectual property rights of the author.

Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, This work is the intellectual property rights of the author.
Developing Information Security Policy. Why is Developing Good Security Policy Difficult? Effective Security/IA Policy is more than locking doors and.

Developing Information Security Policy. Why is Developing Good Security Policy Difficult? Effective Security/IA Policy is more than locking doors and.
Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.

Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.
© 2003, EDUCAUSE/Internet2 Computer and Network Security Task Force Computer Access, Privacy and Security: Legal Obligations and Liabilities Rodney J.

© 2003, EDUCAUSE/Internet2 Computer and Network Security Task Force Computer Access, Privacy and Security: Legal Obligations and Liabilities Rodney J.
Enterprise Security. Mark Bruhn, Assoc. VP, Indiana University Jack Suess, VP of IT, UMBC.

Enterprise Security. Mark Bruhn, Assoc. VP, Indiana University Jack Suess, VP of IT, UMBC.
Strategic Management of IS/IT: Organization and Resources

Strategic Management of IS/IT: Organization and Resources
Canolfan Dysgu Cymraeg Genedlaethol

Canolfan Dysgu Cymraeg Genedlaethol
Orphaned Servers and Broken Processes 2007 Security Professionals Conference April 12, 2007.

Orphaned Servers and Broken Processes 2007 Security Professionals Conference April 12, 2007.
Computer and Network Security Issues –the Security Officer’s Perspective Jeff Savoy, Information Security Officer.

Computer and Network Security Issues –the Security Officer’s Perspective Jeff Savoy, Information Security Officer.
Seminars on Academic Computing Addressing Organizational Development at Collab State University August 5, 2007.

Seminars on Academic Computing Addressing Organizational Development at Collab State University August 5, 2007.
General Capacity Building Components for Non Profit and Faith Based Agencies Lakewood Resource and Referral Center 212 2 nd Street, suite 204 Lakewood,

General Capacity Building Components for Non Profit and Faith Based Agencies Lakewood Resource and Referral Center nd Street, suite 204 Lakewood,
Atlanta Schools Technology Plan Tasha Ellis Argosy University Dr. Regina Merriwether June 19, 2010.

Atlanta Schools Technology Plan Tasha Ellis Argosy University Dr. Regina Merriwether June 19, 2010.
DATA IT Senate Data Governance Membership IT Senate Data Governance Committee Membership Annie Burgad, Senior Programmer, Central IT Julie Cannon, Director.

DATA IT Senate Data Governance Membership IT Senate Data Governance Committee Membership Annie Burgad, Senior Programmer, Central IT Julie Cannon, Director.
IT Security Policies and Campus Networks The dilemma of translating good security policies to practical campus networking Sara McAneney IT Security Officer.

IT Security Policies and Campus Networks The dilemma of translating good security policies to practical campus networking Sara McAneney IT Security Officer.
Solano County Office of Education Jay Speck Solano County Superintendent of Schools.

Solano County Office of Education Jay Speck Solano County Superintendent of Schools.
REPRESENTING EMPLOYER ORGANIZATIONS THROUGHOUT THE WORLD Daniel Funes de Rioja IOE Executive Vice-President IOE Vision Statement Meeting of IOE European.

REPRESENTING EMPLOYER ORGANIZATIONS THROUGHOUT THE WORLD Daniel Funes de Rioja IOE Executive Vice-President IOE Vision Statement Meeting of IOE European.
1 EDUCAUSE Mid-Atlantic Regional Conference Top Strategies for Working with Stakeholders: Synopses of Recommendations from the Identity Management Summit.

1 EDUCAUSE Mid-Atlantic Regional Conference Top Strategies for Working with Stakeholders: Synopses of Recommendations from the Identity Management Summit.

Similar presentations

Ads by Google