Talking With The Boss About Security Darlene Quackenbush, James Madison University Shirley Payne, University of Virginia EDUCAUSE Conference October 21.

Slides:

Advertisements

Similar presentations

Healthy Schools, Healthy Children?

Advertisements

Twelve Cs for Team Building

Security Education and Awareness Workshop January 15-16, 2004 Baltimore, MD.

Head of Learning: Job description

Quality, Improvement & Effectiveness Unit

Tri-County Technical College Quality Enhancement Plan.

Creating Executive Awareness about Information Security Joy Hughes, VP, George Mason Univ. Jack Suess, VP, UMBC EDUCAUSE.

IT Governance: Prioritizing Projects through Inclusivity, Communications and Transparency Stephen A. Vieira CIO and Executive Director of IT The Community.

1 The CMO – One Size Fits All? Jake Julia, Ph.D.Brenda Sprite Northwestern UniversityNavigator Management Partners Session Presented at the Inaugural Global.

Enterprise Security A Framework For Tomorrow Christopher P. Buse, CPA, CISA, CISSP Chief Information Security Officer State of Minnesota.

Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason.

Adopt & Adapt Tips on Enterprise Data Management Annette Pence September 10, 2009 MITRE.

Office of Academic Affairs June 1, 2007 Academic Priorities: Next Steps Spring Symposium 2007.

University Methodology to Lead Change... in support of Human Resources goals for: Work Realignment Workforce Reduction and Changes Workforce Development.

1 GETTING STARTED WITH ASSESSMENT Barbara Pennipede Associate Director of Assessment Office of Planning, Assessment and Research Office of Planning, Assessment.

Performance Management in Higher Education - thoughts from Kent Margaret Ayers.

Pam Downs Ajay Gupta The Pennsylvania Prince George’s State University Community College "Copyright Penn State University This work is the intellectual.

IT Strategic Planning From Technical Dreams to Institutional Reality

Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.

Attaining the Power of eLearning Through Strategic Planning Dr. Shirley Waterhouse Director, Educational Technology Embry-Riddle Aeronautical University.

Security Issues on Campus: Government Initiatives Rodney J. Petersen University of Maryland Educause/Internet2 Security Task Force Copyright Rodney J.

1 Institutions as Allies in the Security Challenge Wayne Donald, Virginia Tech Cathy Hubbs, George Mason University Darlene Quackenbush, James Madison.

1 Fighting Back With An Alliance For Secure Computing And Networking Wayne Donald, Virginia Tech Cathy Hubbs, George Mason University Darlene Quackenbush,

© 2003, EDUCAUSE/Internet2 Computer and Network Security Task Force Computer Access, Privacy and Security: Legal Obligations and Liabilities Rodney J.

Enterprise Security. Mark Bruhn, Assoc. VP, Indiana University Jack Suess, VP of IT, UMBC.

Peer Information Security Policies: A Sampling Summer 2015.

1 EDUCAUSE Midwest Regional Conference Top Strategies for Working with Stakeholders: Synopses of Recommendations from the Identity Management Summit Mark.

Information Security Governance 25 th June 2007 Gordon Micallef Vice President – ISACA MALTA CHAPTER.

Enterprise IT Decision Making

Coast Consulting Group 2003 Board Governance Overview Coast Consulting Group 2003.

1 Building an Exceptional Board: What Makes Great Boards Great? PNAIS Institutional Leadership Conference October 26, 2008 Nancy R. Axelrod Governance.

Audits & Assessments: What are the Differences and How Do We Learn from the Results? Brown Bag March 12, 2009 Sal Rubano – Director, Office of the Vice.

HIGHLY EFFECTIVE BOARDS STATE UNIVERSITY SYSTEM OF FLORIDA ASSOCIATION OF GOVERNING BOARDS Thomas C. Meredith, Senior Fellow November 6, 2014.

Stages of Commitment to Change: Leading Institutional Engagement Lorilee R. Sandmann, University of Georgia Jeri Childers, Virginia Tech National Outreach.

Focus on Learning: Student Outcomes Assessment and the Learning College.

Faculty Handbooks Shared Governance. Faculty Handbooks College and university handbooks touch on a broad array of issues, from the composition of an institution's.

ERM or COLLEGE WIDE RISK MANAGEMENT - MADE EASY Financial Management Institute – June 6 th, 2007 Peter Lockie, Chief Financial Officer Camosun College.

EDUCAUSE 2014 Top Ten IT Issues. Today’s Agenda Introduction to EDUCAUSE IT Issues History & Methodology 2014 Top Ten IT Issues Selected Issues Reviewed.

Seminars on Academic Computing Addressing Organizational Development at Collab State University August 5, 2007.

Analysis of 2007 BOD Assessment Checklists Prepared by: Cambria Tidwell.

Western Collaboratives Med Rec/SSI call September 12, 2006 “Three weeks to go!” Dr. Robin Ensom, co-chair Med Rec Collaborative Shirley Gobelle, SSI Faculty.

Leading Change A Case Study: Clinical Group Practices Denice Stewart, DDS, MHSA Associate Dean, Clinical Affairs Professor, Community Dentistry.

Nuclear Security Culture William Tobey Workshop on Strengthening the Culture of Nuclear Safety and Security, Sao Paulo, Brazil August 25-26, 2014.

Workshop Four Topic 4.5 Human Resources Development © Ana G. Méndez University System, All rights reserved.

New Frameworks for Strategic Enrollment Management Planning

Aligning IT Investments (Plan) and the Institutional Strategic Plan Team 2 Ed Pokraka Shelley Reed Jeff Cepull Will Krause Educause Seminars On Academic.

Transforming Patient Experience: The essential guide

Relating to the Public.

Cedar Crest College Strategic Planning Community Day.

Monitoring and Oversight: College Completion and Attainment Dr. Kevin Reilly & Dr. Sheila Stearns AGB Consultants December 7th, 2015.

Kathy Corbiere Service Delivery and Performance Commission

From cost to value: 2010 Global Survey on the CIO Agenda June 15 th, 2010 IT ADVISORY KPMG INTERNATIONAL.

1 Planning and Programming for Effective Use of External Audit Resources Victor Rezendes Managing Director Strategic Issues U.S. General Accounting Office.

Talking With The Boss About Security Darlene Quackenbush, James Madison University Shirley Payne, University of Virginia EDUCAUSE Security Professionals.

Information Literacy Prepared for “The Role of Academic Libraries In Fostering Civil Society” Nancy Bolt, September 2002 Nancy Bolt & Associates.

Resources for Meeting Internet Safety Requirements Cheryl Elliott James Madison University Bill Johnsen Virginia Beach City Public Schools Educational.

Criterion 1 Mission A. The institution's mission is broadly understood within the institution and guides its operations. B. The mission is articulated.

AACN – Manatt Study In February 2015, the AACN Board of Directors commissioned Manatt Health to conduct a study on how to position academic nursing to.

Leadership Guide for Strategic Information Management Leadership Guide for Strategic Information Management for State DOTs NCHRP Project Information.

Provost’s Report Global Penn State: Our Ongoing Efforts to Be a Truly Global University Dr. Nicholas P. Jones Meeting of the Board of Trustees Friday,

UTPA 2012: A STRATEGIC PLAN FOR THE UNIVERSITY OF TEXAS-PAN AMERICAN Approved by President Cárdenas November 21, 2005 Goals reordered January 31, 2006.

ASCCC Cultural Competency and Advocacy Plan Update Cleavon Smith, Berkeley City College Carolyn Holcroft, Foothill College.

Strategic Plan: Goals, Objectives & Success Measures Administrative Forum, South Campus June 17,

Dallas County Community College District – The LeCroy Center Taking the Pulse of Online Learning: Using the Quality Score Card in the DCCCD ROOM X2005.

1 EDUCAUSE Mid-Atlantic Regional Conference Top Strategies for Working with Stakeholders: Synopses of Recommendations from the Identity Management Summit.

Principles of Good Governance

Overview – Guide to Developing Safety Improvement Plan

Overview – Guide to Developing Safety Improvement Plan

The EDUCAUSE 2019 Top 10 IT Issues

The EDUCAUSE 2019 Top 10 IT Issues

Presentation transcript:

Talking With The Boss About Security Darlene Quackenbush, James Madison University Shirley Payne, University of Virginia EDUCAUSE Conference October 21 st, 2005

2 We must all become much more vigilant in the provision of secure systems, in intrusion detection, in rapid response, and especially in education. We must practice, teach, and infuse all aspects of security into campus lives. Dr. Linwood H. Rose President, James Madison University “Information Security: A Difficult Balance” EDUCAUSE Review, September/October 2004

3 Agenda The Executive Audience Benefits of Effective Communication Obstacles To Effective Communication Communication Strategies & Examples References

4 The Executive Audience Boards of Trustees Presidents Vice Presidents & Provosts Deans & Department Heads Chiefs of Staff

5 Perceived Barriers To IT Security Information Technology Security Study EDUCAUSE Center for Applied Research, Sept. 2003

6 Perceived Barriers To IT Security Information Technology Security Study EDUCAUSE Center for Applied Research, Sept Executives can help define appropriate security/privacy balance

7 Privacy and academic freedom are critical components of campus culture; it is vital that decisions on policies and procedures regarding security and related issues be carefully vetted, understood, and authorized by both the highest levels of the campus leadership and the representatives of the campus community. The executive role in all of these matters is crucial if internal dissension and unnecessary strife are to be avoided. “Presidential Leadership for IT” David Ward and Brian L. Hawkins EDUCAUSE Review, May/June 2003

8 Perceived Barriers To IT Security Information Technology Security Study EDUCAUSE Center for Applied Research, Sept Executives can enhance policy quality & acceptance

9 Perceived Barriers To IT Security Information Technology Security Study EDUCAUSE Center for Applied Research, Sept Executives can help determine/clarify responsibilities

10 Perceived Barriers To IT Security Information Technology Security Study EDUCAUSE Center for Applied Research, Sept Executives can influence others to change

11 If you can get the president to set the right tone, a majority on campus will likely follow her or his lead in supporting the changes and improvements you recommend. “Gaining the President’s Support for IT Initiative at Small Colleges.” Laurence W. Mazzeno, President, Alvernia College EDUCAUSE Quarterly, Number 1, 2004

12 Perceived Barriers To IT Security Information Technology Security Study EDUCAUSE Center for Applied Research, Sept Executives can determine resources based on risks, if they know them

13 Additional Benefits Opportunity to establish appropriate expectations Constructive involvement should a security incident occur

14 In a time of crisis, it’s always good to have a boss smarter than you. Joy Hughes, VP/CIO, George Mason University

15 Be Prepared For... Additional Work To: –tailor the information –provide status reports, possibly including development of new metrics –respond to inquiries Increased accountability

16 Obstacles To Effective Communication Security, Security, Etc.

17 Obstacle: Responsibility for security placed low in the organization Alarmist view or straight facts? What’s his experience level?

18 Obstacle: Significant lack of awareness What do computers have to do with identity theft? Why is he talking about fishing?

19 Obstacle: Unclear terminology IPS = International Primatological Society “Compromised” computer?

20 Obstacle: Security not an institutional priority This doesn’t help attract research $$ This doesn’t enhance student life

21 Obstacle: Lack of security metrics Is the situation really getting worse? How do we compare with others?

22 Obstacle: Security viewed as one-time fix-it project But we trained the workforce three years ago! You’ve had your turn at the well.

23 Obstacle: Cultural factors There will be an insurrection if we centralize server management! What do the faculty think of this idea?

24 Obstacle: Executive role not clear I’m not a techie. How could I possibly help? So what are we paying the CIO to do?

25 Effectively Talking With the Boss About Security Requires… Establishing trust Building awareness Losing the jargon Linking security to institutional priorities Solidifying business case with metrics Setting appropriate expectations Addressing cultural issues Emphasizing importance of executive level involvement

26 Communication Strategies “getting it done” Good communication doesn’t just happen On-going attention

27 A Project Plan... Review the landscape Set a target Managed communication Maintaining communication

28 Differing Viewpoints ISO or Security Practioner Operational Focused Technical Executive Governance Broad Mission-focused

29 Targeting Nirvana Source: Governing for Enterprise Security, Julia Allen, June 2005 Enterprise level Expected and respected topic Treated as a business requirement Appears regularly on the executive agenda Addressed in strategic and operational planning

30 Targeting Nirvana (continued) Discussion and debate are encouraged Regular benchmarking Leaders are respected as value contributors Business enabler Integrated into the enterprise Not solely an IT responsibility Full understanding of individual roles and responsibilities

31 Strategies Advocate security as risk management Identify risks at an the executive level Craft the security message Prepare to inform and educate Engage others Remain open Accommodate the culture Communicate for the long-term

32 Maintenance Stay informed Be persistent Remain agile Be honest

33 Positive Achievement Commuication among parties that are informed, persistently committed, agile in their views and honest in dealing with information security Communications Nirvana Real Value for Security

34 References ACE Letter to Presidents Regarding Cybersecurity Developing Security Education and Awareness Programs Gaining the President’s Support for IT Initiatives at Small Colleges Governing for Enterprise Security EDUCAUSE Information Security Governance Assessment Tool Information Security: A Difficult Balance Information Security Governance: A Call to Action Information Technology Security: Governance, Strategy, and Practice in Higher Education Presidential Leadership for Information Technology Report of the Best Practices and Metrics Teams