Presentation is loading. Please wait.

Presentation is loading. Please wait.

Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason.

Similar presentations


Presentation on theme: "Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason."— Presentation transcript:

1 Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason UniversityUniversity of Virginia Copyright Cathy Hubbs and Shirley Payme 2004. This work is the intellectual property of the authosr. Permission is granted for this material to be shared for non- commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

2 IT Security Office Landscape 20 percent of the U.S. institutions surveyed have a full-time chief IT security officer At 22 percent of the institutions, IT security is the responsibility of a single individual 95 percent of the IT security officers report to a senior administrator in the IT office, including 50 percent who report to the CIO Coordinator Model

3 Responsibilities of Security Officers Policy Development Compliance Awareness Education & Technical Training Risk Assessment & Business Continuity Strategic Planning Incident Detection & Response Technical Communications (Alerts) Security Champion

4 These Responsibilities Require Many Roles To Be Filled Policy Writer Champion Teacher Strategic Planner Watch Dog Technical Expert Communications Expert Lawyer Enforcer Sage Etc., etc., etc.

5 Etc.! Lawyer Enforcer Sage Communications Expert Technical Expert Strategic Planner Watch Dog Champion Teacher Policy Writer

6 Executive Staff Executive Level Champions Tom Hennessey, Chief of Staff, George Mason University

7 Faculty, Staff, & Student Leaders Chief of Human Resources Dean of Students Dorm Resident Advisors Student Honor Committee

8 Central IT- Computer Group Network Engineers System Engineers Desktop Support Technicians Support Center (help desk) Instructional Designers

9 Systems Administrators Contribute to development of guidelines and policies Assist in defining security awareness and education priorities Act as security champions in their departments Disseminate security alerts within their departments

10 Security Officers Communities of Practices Multiple Perspectives Reuse (no need to reinvent) EDUCAUSE VA SCAN

11 Researchers & Educators Partners in grant opportunities Participate in awareness events Share news of research frontiers in security

12 Advisory Committees Established committees and ad hoc focus groups Review new guidelines, standards, policies Assist in defining awareness & education priorities

13 Internal Auditors Define Risk Assessment priorities And more…

14 Barbara Deily, U.Va. Audit Director Fraud Investigation: Investigations coordinated Expertise shared Audit reporting channels leveraged Policy Implementation: Policy acceptance improved Audit enforcement “Big Stick” available Software Development and New Technology: Internal controls built in Assurance added Much Easier To Move Forward Together On Security Vision

15 Legal Office Interpret regulations HIPAA Gramm-Leach Bliley-Act (GLBA) FERPA Advise on new policies Counsel on incident handling Notify of new or pending legislation

16 Police Department Knowledge sharing Assist during investigations of security breaches and responsible use issues like cyberstalking IT security awareness initiatives combined with general security & safety

17 Public Relations Experts Design professional literature Communicate alerts, events and other information Produce creative marketing tools that deliver the security message in unique and innovative ways, e.g. the U.Va. video

18 Etc.! Lawyer Enforcer Sage Communications Expert Technical Expert Strategic Planner Watch Dog Champio n Teacher Policy Writer Remember This Unhappy Juggler of Roles?

19 Partnerships Make All The Difference! Provide greater flexibility Ease access to others' competencies Share labor Share knowledge capital

20 Etc.! Legal Office Auditors/ Police Researchers & Educators Public Relations Central IT Other Security Officers System Administrators HR/ Dean of Students Advisory Committees Enhanced Security Program You Get Your Sanity Back! Executives

21 Making Partnerships Work

22 Choose Partners Carefully Should have common goals Should be recognized benefits on both sides Should be based upon mutual trust

23 Manage the Partnership Set realistic expectations Communicate well Resolve issues quickly Periodically review partnership health Recognize their contributions

24 Questions?


Download ppt "Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason."

Similar presentations


Ads by Google