Talking With The Boss About Security Darlene Quackenbush, James Madison University Shirley Payne, University of Virginia EDUCAUSE Security Professionals.

Slides:



Advertisements
Similar presentations
Tools for the Political Analysis of Policy Reform Initiatives Merilee S. Grindle Edward S. Mason Professor of International Development John F. Kennedy.
Advertisements

Building a Strategic Management System Office for Student Affairs, Twin Cities Campus Ground Level Work Metrics Initiatives Managing Change Change Management.
Security Education and Awareness Workshop January 15-16, 2004 Baltimore, MD.
CUPA-HR Strong – together!
Creating Executive Awareness about Information Security Joy Hughes, VP, George Mason Univ. Jack Suess, VP, UMBC EDUCAUSE.
Copyright Marts & Lundy Cultivating a Culture of Philanthropy Kathleen Hanson Senior Consultant and Principal Leader – Schools Practice Group Editor, The.
David Garr, MD Executive Director South Carolina Area Health Education Consortium Associate Dean for Community Medicine Medical University of South Carolina.
The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.
September 24, 2013 Nonprofit Essentials Institute for Public Engagement Governance: What Makes for Bad Board Governance.
Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason.
February 21, 2012 Strategic Planning for Internationalization: A Discussion of Why to Plan, its Benefits and Issues in Implementing the Process Annual.
IT Governance Navigating for Value Michael Vitale 6 May 2003 CIO Conference Steering the Enterprise Through Stormy Seas Image source: Access2000.
Estándares claves para líderes educativos publicados por
IT Governance and Management
1 Presentation Ivy Tech Community College Terre Haute, IN Jackie McCracken April 21, 2007.
IT Security Challenges In Higher Education Steve Schuster Cornell University.
Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.
1 Institutions as Allies in the Security Challenge Wayne Donald, Virginia Tech Cathy Hubbs, George Mason University Darlene Quackenbush, James Madison.
1 Fighting Back With An Alliance For Secure Computing And Networking Wayne Donald, Virginia Tech Cathy Hubbs, George Mason University Darlene Quackenbush,
© 2003, EDUCAUSE/Internet2 Computer and Network Security Task Force Computer Access, Privacy and Security: Legal Obligations and Liabilities Rodney J.
Enterprise Security. Mark Bruhn, Assoc. VP, Indiana University Jack Suess, VP of IT, UMBC.
1 EDUCAUSE Midwest Regional Conference Top Strategies for Working with Stakeholders: Synopses of Recommendations from the Identity Management Summit Mark.
Essential Concepts for School for Prevention First Patricia Berry, M.A. CSAP Essential Concepts for School m 1 BUILDING THE 5 ESSENTIAL.
The purpose of this poster is to document some of the lessons learned during my first 3 months in a new leadership position at a.
Maureen Noonan Bischof Eden Inoway-Ronnie Office of the Provost Higher Learning Commission of the North Central Association Annual Meeting April 22, 2007.
Departmental Risk Assessment Coordinators (DRAC) Program CUVA Conference May 23, 2012 Mason Inn George Mason University Robert Nakles and Josh Schiefer.
Coast Consulting Group 2003 Board Governance Overview Coast Consulting Group 2003.
Sustaining Change in Higher Education J. Douglas Toma Associate Professor Institute of Higher Education University of Georgia May 28, 2004.
1 Building an Exceptional Board: What Makes Great Boards Great? PNAIS Institutional Leadership Conference October 26, 2008 Nancy R. Axelrod Governance.
Purpose A crisis communication plan coordinates the communication within the organization, as well as between the organization and the media and the public.
International Student Services Informed Budget Process: FY 2013 IBP Progress Report & FY 2014 IBP Budget Request.
University Strategic Resource Planning Council Budget.
Colorado Springs Utilities Environmental Services Functional Assessment Presentation for the American Public Power Association’s 2001 Engineering & Operations.
KEYS TO SUCCESS NCURA Region IV Spring Meeting April 27 – 30, 2014 © 2014 National Council of University Research Administrators National Council of University.
HIGHLY EFFECTIVE BOARDS STATE UNIVERSITY SYSTEM OF FLORIDA ASSOCIATION OF GOVERNING BOARDS Thomas C. Meredith, Senior Fellow November 6, 2014.
MSCHE Expectations for Governance Mary Ellen Petrisko, Vice President Middle States Commission on Higher Education Annual Conference December 12, 2011.
EDUCAUSE 2014 Top Ten IT Issues. Today’s Agenda Introduction to EDUCAUSE IT Issues History & Methodology 2014 Top Ten IT Issues Selected Issues Reviewed.
University of Idaho Successful External Program Review Archie George, Director Institutional Research and Assessment Jane Baillargeon, Assistant Director.
1 Created by Angela Ward Intro. to Culturally Responsive Pedagogy Student –Focused Dialogue.
Presentation Reprised from the NASFAA 2014 Conference By Pamela Fowler University of Michigan Ann Arbor Getting a Seat at the Table 1.
Community Board Orientation 6- Community Board Orientation 6-1.
Western Collaboratives Med Rec/SSI call September 12, 2006 “Three weeks to go!” Dr. Robin Ensom, co-chair Med Rec Collaborative Shirley Gobelle, SSI Faculty.
Meeting the ‘Great Divide’: Establishing a Unified Culture for Planning and Assessment Cathy A. Fleuriet Ana Lisa Garza Presented at the 2006 Conference.
New Frameworks for Strategic Enrollment Management Planning
Transforming Patient Experience: The essential guide
Relating to the Public.
Cedar Crest College Strategic Planning Community Day.
Fiduciary Principles and Habits of Effective Boards December 7, 2015 Dr. Sheila Stearns, AGB Consultant Dr. Kevin Reilly, AGB Senior Fellow.
Strategic Planning, Policy, Public Safety, and a Shared Vision for IU’s Regional Campuses.
Topics of Discussion Manage the Personal Relationship Gain trust within the Professional Relationship Create measurable work expectations and accountability.
Kathy Corbiere Service Delivery and Performance Commission
Talking With The Boss About Security Darlene Quackenbush, James Madison University Shirley Payne, University of Virginia EDUCAUSE Conference October 21.
12-CRS-0106 REVISED 8 FEB 2013 APO (Align, Plan and Organise)
Supervisory Officer ???? January 29, 2016 Presentation to the Ontario Public Supervisory Officers’ Association – Leadership and Effective School Board.
AACN – Manatt Study In February 2015, the AACN Board of Directors commissioned Manatt Health to conduct a study on how to position academic nursing to.
Strengthening Minority Serving Institutions: HR Best Practices and Innovations November 10, 2015 In Partnership with PeopleAdmin.
Council for the Advancement of Standards in Higher Education.
HLC Criterion Two Primer Tuesday Sept. 8, Criterion Two. Integrity: Ethical and Responsible Conduct The institution acts with integrity; its conduct.
Practical IT Research that Drives Measurable Results Establish an Effective IT Steering Committee.
Developmental Intervention Model Use for student or institution Can be planned or responsive Planned (Disable Student Services) Responsive (Teacher notices.
1 EDUCAUSE Mid-Atlantic Regional Conference Top Strategies for Working with Stakeholders: Synopses of Recommendations from the Identity Management Summit.
Welcome and Introduction January 11, 2017
Principles of Good Governance
Information Security Program
Massachusetts Department of Higher Education Boston, Massachusetts
HIPAA Implementation Strategies for Compliance Professionals
HIPAA Implementation Strategies for Compliance Professionals
Representing All Faculty: The Role of the Senate President
Aligning HR Resources in a Siloed Environment
Corporate Governance – Principles, Policies and Practices 3e
Presentation transcript:

Talking With The Boss About Security Darlene Quackenbush, James Madison University Shirley Payne, University of Virginia EDUCAUSE Security Professionals Conference April 4 th, 2005

2 We must all become much more vigilant in the provision of secure systems, in intrusion detection, in rapid response, and especially in education. We must practice, teach, and infuse all aspects of security into campus lives. Dr. Linwood H. Rose President, James Madison University “Information Security: A Difficult Balance” EDUCAUSE Review, September/October 2004

3 Agenda The Executive Audience Benefits of Effective Communication Obstacles To Effective Communication Leveraging Institutional Culture Communication Strategies & Examples

4 The Executive Audience Boards of Trustees Presidents Vice Presidents & Provosts Deans & Department Heads Chiefs of Staff

5 Perceived Barriers To IT Security Information Technology Security Study EDUCAUSE Center for Applied Research, Sept. 2003

6 Benefit: Appropriate Strategies Information Technology Security Study EDUCAUSE Center for Applied Research, Sept. 2003

7 Privacy and academic freedom are critical components of campus culture; it is vital that decisions on policies and procedures regarding security and related issues be carefully vetted, understood, and authorized by both the highest levels of the campus leadership and the representatives of the campus community. The executive role in all of these matters is crucial if internal dissension and unnecessary strife are to be avoided. “Presidential Leadership for IT” David Ward and Brian L. Hawkins EDUCAUSE Review, May/June 2003

8 Benefit: Effective Policies Information Technology Security Study EDUCAUSE Center for Applied Research, Sept. 2003

9 Benefit: Clear Assignment of Responsibilities Information Technology Security Study EDUCAUSE Center for Applied Research, Sept. 2003

10 Benefit: Executive Role Model Information Technology Security Study EDUCAUSE Center for Applied Research, Sept. 2003

11 If you can get the president to set the right tone, a majority on campus will likely follow her or his lead in supporting the changes and improvements you recommend. “Gaining the President’s Support for IT Initiative at Small Colleges.” Laurence W. Mazzeno, President, Alvernia College EDUCAUSE Quarterly, Number 1, 2004

12 Benefit: Investment Aligned With Risk Profile Information Technology Security Study EDUCAUSE Center for Applied Research, Sept. 2003

13 Additional Benefits Opportunity to establish appropriate expectations Constructive involvement should a security incident occur

14 In a time of crisis, it’s always good to have a boss smarter than you. Joy Hughes, VP/CIO, George Mason University

15 Be Prepared For... Additional Work To: –tailor the information –provide status reports, possibly including development of new metrics –respond to inquiries Increased accountability

16 Obstacle To Effective Communication: Who are you? Responsibility for security is placed low in the organization

17 Obstacle To Effective Communication: IT security? Significant lack of awareness

18 Obstacle To Effective Communication: Why spend my time on this? Security not an institutional priority

19 Obstacle To Effective Communication: Why can’t you handle it yourself? Executive role not clear

20 Obstacle To Effective Communication: What the heck is an IPS? Techno-speak

21 Obstacle To Effective Communication: Where’s the ROI? Lack of security metrics

22 Obstacle To Effective Communication: You again? Security viewed as one-time fix-it project

23 Obstacle To Effective Communication: That’s not how we do things here? Cultural Factors

24 What Defines Culture? Strategic Planning and Decision-Making –Examples: Top-down Bottom-up Consensus-based Institutional Values –Examples: Collegial working relationships Emphasis on accountability at all levels of institution Strong faculty influence Student honor code

25 What Defines Culture? Control of Operational Functions –Examples: Centralized Decentralized Long-term Institutional Priorities –Examples: Increase research Increase community outreach Compliance Other influences on culture?

26 A Good Blueprint A plan A function of environment Express one’s culture/desires Based on examples/knowledge of others Guide for communicating with others

27 Communication Strategies Silence is NOT golden  Communicate early and often  Build Awareness  Build Trust

28 Communication Strategies Prepare to communicate  Know your security goals  Be prepared to educate  Craft the message  Have outcomes in mind

29 Communication Strategies Adjust to change  Listen  Draw linkages  Monitor technical and regulatory changes  Consider timing  Promote agility

30 Communication Strategies Prepare for the “long haul”  Manage expectations  Embed security  Communication as an investment  Accountability

31 Communication Strategies Leverage culture  Tools/Tailoring/Timing  Compromise/ Consensus  Compliance  Shared ownership

32 Ideas For Using Culture Consensus-based Decision-Making Gain Mid-level Support First University of Virginia LSP Program George Mason University SALT Group

33 Ideas For Using Culture Increasing Emphasis on Compliance Spotlight Federal Regulations Related to Security & Privacy IT Security for Higher Education: A Legal Perspective Family Educational Rights & Privacy Act Gramm Leach Bliley Act Health Insurance Portability & Accountability Act

34 Communication Strategies Seize “opportunities”  Bad things will happen  Anxiety is attention  So is Contemplation  Change culture

35 References ACE Letter to Presidents Regarding Cybersecurity Developing Security Education and Awareness Programs Gaining the President’s Support for IT Initiatives at Small Colleges EDUCAUSE Information Security Governance Assessment Tool Information Security: A Difficult Balance Information Security Governance: A Call to Action Information Technology Security: Governance, Strategy, and Practice in Higher Education Presidential Leadership for Information Technology

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.