Published by Mabel Jacobs. Modified over 6 years ago.
1
A Sampling of IT Compliance in Higher Education – 2010
Phyllis Bernt, Professor of Information and Telecommunication Systems, Scripps College of Communication, Ohio University
Matthew Dalton, Information Security Officer, Office of Information Technology, Ohio University
2
Some stats about the survey
Number of responses: 160
States represented: 38
Carnegie Classifications: 14
Dates of the Survey: May 13, 2010 – June 14, 2010
3
Who completed the survey?
Assistant Dean - 2
Assistant Director - 3
Associate Provost - 4
Associate Vice President - 4
Chief Financial Officer - 1
Chief Information Officer - 53
Chief Information Security Officer - 4
Chief Information Technology Officer - 2
Chief Privacy Officer - 1
Chief Technology Officer - 4
Compliance Coordinator - 1
Consultant - 1
Coordinator - 1
Dean - 4
Director - 38
Enterprise Architect - 1
Executive Director - 8
Information Security Officer - 4
Information Technology Policy Officer - 1
Manager - 2
Professor - 2
Senior Director - 3
Special Assistant - 1
Vice Chancellor - 4
Vice President - 18
Vice Provost - 1
4
When was your compliance effort started?
5
What triggered your compliance initiative?
6
Current Compliance Practices
7
Compliance Staff (FTE) by Carnegie
8
Who supports compliance efforts?
9
IT Compliance is assigned to:
10
Compliance Demands and Response
11
Standards used in Compliance Efforts
12
Methods for Addressing Compliance
13
Challenges in Compliance
14
What is the biggest challenge?
15
“We have had state and system requirements for compliance and auditing for many years. The role of compliance has grown exponentially, however, over the past 10 years.”
“security awareness programs are difficult to sell when limited resources are constantly being chopped at by other ‘more important’ projects.”
[IT compliance environment is] “getting better but need to work with community more, challenge [is we] must work on more communications and public relations.”
“one of the challenges we face now is that there is uncertainty regarding which laws and contractual obligations we, as a college, must comply with.”
Challenge – ‘Balancing IT security practices and academic freedom.’
16
“IT personnel need to be reminded occasionally and told that they cannot function without ensuring that the campus is aware of what is being done. It is a constant battle to keep them from reverting back to making changes on the fly in a production system.”
“I think the college must recognize that Information Security can be implemented within higher education without affecting the ‘open’ environment often associated with it. Information security is not always saying ‘No,’ it is more about adapting industry standard best practices to fit within the institution.”
“My biggest success has been to gain the respect of key decision makers and ‘influencers’ throughout the campus. Mainly the respect was earned through listening, responding thoughtfully and having a plan ready before the need for the plan surfaced.”
17
“We have had state and system requirements for compliance and auditing for many years. The role of compliance has grown exponentially, however, over the past 10 years.”
Challenges – “Too few compliance staff people who really understand IT; the ever-increasing complexities of providing a safe IT environment; lack of understanding of the issues at the executive level.”
“The fiscal realities of our college, system, and state have made it difficult to hire new or additional staff.”
“I look at compliance with an eye toward enabling safe academic freedom and research. This means instead of restricting activity or data sharing, supporting activity and data sharing within a framework that protects key data, but does not arbitrarily establish end-user constraints.”
18
Challenges
“Too few compliance staff people who really understand IT; the ever-increasing complexities of providing a safe IT environment; lack of understanding of the issues at the executive level.”
“Faculty, staff, and administration spend time developing methods to improve and enhance the learning environment and I try to work with them instead of against them.”
“Currently, compliance is no one’s primary responsibility. It is one of many ‘add on’ responsibilities for a number of folks.”
“It [current IT compliance environment] grew out of the questions and reports our auditors began asking about four years ago.”
“security awareness programs are difficult to sell when limited resources are constantly being chopped at by other ‘more important’ projects.”