Presentation is loading. Please wait.

Presentation is loading. Please wait.

Talking With The Boss About Security Darlene Quackenbush, James Madison University Shirley Payne, University of Virginia EDUCAUSE Security Professionals.

Published byCarmel Ferguson Modified over 8 years ago

Similar presentations

Presentation on theme: "Talking With The Boss About Security Darlene Quackenbush, James Madison University Shirley Payne, University of Virginia EDUCAUSE Security Professionals."— Presentation transcript:

1 Talking With The Boss About Security Darlene Quackenbush, James Madison University Shirley Payne, University of Virginia EDUCAUSE Security Professionals Conference April 4 th, 2005

2 2 We must all become much more vigilant in the provision of secure systems, in intrusion detection, in rapid response, and especially in education. We must practice, teach, and infuse all aspects of security into campus lives. Dr. Linwood H. Rose President, James Madison University “Information Security: A Difficult Balance” EDUCAUSE Review, September/October 2004

3 3 Agenda The Executive Audience Benefits of Effective Communication Obstacles To Effective Communication Leveraging Institutional Culture Communication Strategies & Examples

4 4 The Executive Audience Boards of Trustees Presidents Vice Presidents & Provosts Deans & Department Heads Chiefs of Staff

5 5 Perceived Barriers To IT Security Information Technology Security Study EDUCAUSE Center for Applied Research, Sept. 2003

6 6 Benefit: Appropriate Strategies Information Technology Security Study EDUCAUSE Center for Applied Research, Sept. 2003

7 7 Privacy and academic freedom are critical components of campus culture; it is vital that decisions on policies and procedures regarding security and related issues be carefully vetted, understood, and authorized by both the highest levels of the campus leadership and the representatives of the campus community. The executive role in all of these matters is crucial if internal dissension and unnecessary strife are to be avoided. “Presidential Leadership for IT” David Ward and Brian L. Hawkins EDUCAUSE Review, May/June 2003

8 8 Benefit: Effective Policies Information Technology Security Study EDUCAUSE Center for Applied Research, Sept. 2003

9 9 Benefit: Clear Assignment of Responsibilities Information Technology Security Study EDUCAUSE Center for Applied Research, Sept. 2003

10 10 Benefit: Executive Role Model Information Technology Security Study EDUCAUSE Center for Applied Research, Sept. 2003

11 11 If you can get the president to set the right tone, a majority on campus will likely follow her or his lead in supporting the changes and improvements you recommend. “Gaining the President’s Support for IT Initiative at Small Colleges.” Laurence W. Mazzeno, President, Alvernia College EDUCAUSE Quarterly, Number 1, 2004

12 12 Benefit: Investment Aligned With Risk Profile Information Technology Security Study EDUCAUSE Center for Applied Research, Sept. 2003

13 13 Additional Benefits Opportunity to establish appropriate expectations Constructive involvement should a security incident occur

14 14 In a time of crisis, it’s always good to have a boss smarter than you. Joy Hughes, VP/CIO, George Mason University

15 15 Be Prepared For... Additional Work To: –tailor the information –provide status reports, possibly including development of new metrics –respond to inquiries Increased accountability

16 16 Obstacle To Effective Communication: Who are you? Responsibility for security is placed low in the organization

17 17 Obstacle To Effective Communication: IT security? Significant lack of awareness

18 18 Obstacle To Effective Communication: Why spend my time on this? Security not an institutional priority

19 19 Obstacle To Effective Communication: Why can’t you handle it yourself? Executive role not clear

20 20 Obstacle To Effective Communication: What the heck is an IPS? Techno-speak

21 21 Obstacle To Effective Communication: Where’s the ROI? Lack of security metrics

22 22 Obstacle To Effective Communication: You again? Security viewed as one-time fix-it project

23 23 Obstacle To Effective Communication: That’s not how we do things here? Cultural Factors

24 24 What Defines Culture? Strategic Planning and Decision-Making –Examples: Top-down Bottom-up Consensus-based Institutional Values –Examples: Collegial working relationships Emphasis on accountability at all levels of institution Strong faculty influence Student honor code

25 25 What Defines Culture? Control of Operational Functions –Examples: Centralized Decentralized Long-term Institutional Priorities –Examples: Increase research Increase community outreach Compliance Other influences on culture?

26 26 A Good Blueprint A plan A function of environment Express one’s culture/desires Based on examples/knowledge of others Guide for communicating with others

27 27 Communication Strategies Silence is NOT golden  Communicate early and often  Build Awareness  Build Trust

28 28 Communication Strategies Prepare to communicate  Know your security goals  Be prepared to educate  Craft the message  Have outcomes in mind

29 29 Communication Strategies Adjust to change  Listen  Draw linkages  Monitor technical and regulatory changes  Consider timing  Promote agility

30 30 Communication Strategies Prepare for the “long haul”  Manage expectations  Embed security  Communication as an investment  Accountability

31 31 Communication Strategies Leverage culture  Tools/Tailoring/Timing  Compromise/ Consensus  Compliance  Shared ownership

32 32 Ideas For Using Culture Consensus-based Decision-Making Gain Mid-level Support First University of Virginia LSP Program http://www.itc.virginia.edu/dcs/lsp George Mason University SALT Group http://itu.gmu.edu/security/sysadmin/salt-description.html

33 33 Ideas For Using Culture Increasing Emphasis on Compliance Spotlight Federal Regulations Related to Security & Privacy IT Security for Higher Education: A Legal Perspective http://www.educause.edu/ir/library/pdf/csd2746.pdf Family Educational Rights & Privacy Act http://www.ed.gov/policy/gen/guid/fpcp/ferpa/index.html Gramm Leach Bliley Act http://www.ftc.gov/privacy/glbact/index.html Health Insurance Portability & Accountability Act http://www.hhs.gov/ocr.hipaa

34 34 Communication Strategies Seize “opportunities”  Bad things will happen  Anxiety is attention  So is Contemplation  Change culture

35 35 References ACE Letter to Presidents Regarding Cybersecurity http://www.acenet.edu/washington/letters/2003/03march/cyber.cfm Developing Security Education and Awareness Programs http://www.educause.edu/ir/library/pdf/EQM0347.pdf Gaining the President’s Support for IT Initiatives at Small Colleges http://www.educause.edu/apps/eq/eqm04/eqm0417.asp EDUCAUSE Information Security Governance Assessment Tool http://www.educause.edu/LibraryDetailPage/666?ID=SEC0421 Information Security: A Difficult Balance http://www.educause.edu/pub/er/erm04/erm0456.asp Information Security Governance: A Call to Action http://www.cyberpartnership.org/InfoSecGov4_04.pdf Information Technology Security: Governance, Strategy, and Practice in Higher Education http://www.educause.edu/LibraryDetailPage/666?ID=ERS0305 Presidential Leadership for Information Technology http://www.educause.edu/ir/library/pdf/erm0332.pdf

Download ppt "Talking With The Boss About Security Darlene Quackenbush, James Madison University Shirley Payne, University of Virginia EDUCAUSE Security Professionals."

Similar presentations

Tools for the Political Analysis of Policy Reform Initiatives Merilee S. Grindle Edward S. Mason Professor of International Development John F. Kennedy.

Tools for the Political Analysis of Policy Reform Initiatives Merilee S. Grindle Edward S. Mason Professor of International Development John F. Kennedy.
Building a Strategic Management System Office for Student Affairs, Twin Cities Campus Ground Level Work Metrics Initiatives Managing Change Change Management.

Building a Strategic Management System Office for Student Affairs, Twin Cities Campus Ground Level Work Metrics Initiatives Managing Change Change Management.
Security Education and Awareness Workshop January 15-16, 2004 Baltimore, MD.

Security Education and Awareness Workshop January 15-16, 2004 Baltimore, MD.
CUPA-HR Strong – together!

CUPA-HR Strong – together!
Creating Executive Awareness about Information Security Joy Hughes, VP, George Mason Univ. Jack Suess, VP, UMBC EDUCAUSE.

Creating Executive Awareness about Information Security Joy Hughes, VP, George Mason Univ. Jack Suess, VP, UMBC EDUCAUSE.
Copyright Marts & Lundy Cultivating a Culture of Philanthropy Kathleen Hanson Senior Consultant and Principal Leader – Schools Practice Group Editor, The.

Copyright Marts & Lundy Cultivating a Culture of Philanthropy Kathleen Hanson Senior Consultant and Principal Leader – Schools Practice Group Editor, The.
David Garr, MD Executive Director South Carolina Area Health Education Consortium Associate Dean for Community Medicine Medical University of South Carolina.

David Garr, MD Executive Director South Carolina Area Health Education Consortium Associate Dean for Community Medicine Medical University of South Carolina.
The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.

The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.
September 24, 2013 Nonprofit Essentials Institute for Public Engagement Governance: What Makes for Bad Board Governance.

September 24, 2013 Nonprofit Essentials Institute for Public Engagement Governance: What Makes for Bad Board Governance.
Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason.

Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason.
February 21, 2012 Strategic Planning for Internationalization: A Discussion of Why to Plan, its Benefits and Issues in Implementing the Process Annual.

February 21, 2012 Strategic Planning for Internationalization: A Discussion of Why to Plan, its Benefits and Issues in Implementing the Process Annual.
IT Governance Navigating for Value Michael Vitale 6 May 2003 CIO Conference Steering the Enterprise Through Stormy Seas Image source: Access2000.

IT Governance Navigating for Value Michael Vitale 6 May 2003 CIO Conference Steering the Enterprise Through Stormy Seas Image source: Access2000.
Estándares claves para líderes educativos publicados por

Estándares claves para líderes educativos publicados por
IT Governance and Management

IT Governance and Management
1 Presentation Ivy Tech Community College Terre Haute, IN Jackie McCracken April 21, 2007.

1 Presentation Ivy Tech Community College Terre Haute, IN Jackie McCracken April 21, 2007.
IT Security Challenges In Higher Education Steve Schuster Cornell University.

IT Security Challenges In Higher Education Steve Schuster Cornell University.
Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.

Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.
1 Institutions as Allies in the Security Challenge Wayne Donald, Virginia Tech Cathy Hubbs, George Mason University Darlene Quackenbush, James Madison.

1 Institutions as Allies in the Security Challenge Wayne Donald, Virginia Tech Cathy Hubbs, George Mason University Darlene Quackenbush, James Madison.
1 Fighting Back With An Alliance For Secure Computing And Networking Wayne Donald, Virginia Tech Cathy Hubbs, George Mason University Darlene Quackenbush,

1 Fighting Back With An Alliance For Secure Computing And Networking Wayne Donald, Virginia Tech Cathy Hubbs, George Mason University Darlene Quackenbush,
© 2003, EDUCAUSE/Internet2 Computer and Network Security Task Force Computer Access, Privacy and Security: Legal Obligations and Liabilities Rodney J.

© 2003, EDUCAUSE/Internet2 Computer and Network Security Task Force Computer Access, Privacy and Security: Legal Obligations and Liabilities Rodney J.

Similar presentations

Ads by Google