Creating Executive Awareness about Information Security - PowerPoint PPT Presentation

1 / 13
About This Presentation
Title:

Creating Executive Awareness about Information Security

Description:

... Executive Awareness about Information Security. Joy Hughes, VP, George Mason Univ. ... Traditional excellence: performing arts, public policy, economics, IT. ... – PowerPoint PPT presentation

Number of Views:90
Avg rating:3.0/5.0
Slides: 14
Provided by: rodneyp3
Category:

less

Transcript and Presenter's Notes

Title: Creating Executive Awareness about Information Security


1
Creating Executive Awareness about Information
Security
  • Joy Hughes, VP, George Mason Univ.
  • jhughes_at_gmu.edu
  • Jack Suess, VP, UMBC
  • jack_at_umbc.edu
  • EDUCAUSE ANNUAL 2005

2
George Mason University
  • 40 years old, 30,000 students, four campuses
  • Strong deans, but centralized funding model
  • Computing somewhat distributed, somewhat
    centralized
  • Goal to be in top 100 w.r.t. research
  • Traditional excellence performing arts, public
    policy, economics, IT. Now becoming biosciences
    25M lab NIH cancer team
  • Two Nobel prize winners on faculty yet 40 of
    faculty are adjuncts

3
UMBC
  • 39 years old, 12,000 students, 1 campus
  • Research/extensive designation - focus on
    science, engineering, IT, and public policy
  • Moving from centralized to decentralized in
    management
  • Stable management team, most have been in place
    for 10 years.

4
Aspects of the Culture that Influence Masons
Security Strategies
  • IT staff can not order others to use certain
    hardware/software or to take particular security
    measures.
  • Decisions are made in a collegial manner with
    much opportunity for input from broad sections of
    the campus community.
  • The president is external he can not lead
    without the support of the deans, faculty, Board,
    etc.

5
Aspects of Culture that Influence UMBCs Security
Strategies
  • Collegiality - the management team is stable and
    works together on issues. Weekly VPs/Deans
    meeting allows group to share issues.
  • Strong support for governance structure and
    governance works closely with administration
  • Founders are retiring, which is causing culture
    to change

6
Aspects of the Political System at Mason that
Influence Security Strategies
  • IT can not charge back for security services.
  • The deans are more inclined to listen to their
    own experts when it comes to technology rather
    than to IT.
  • The Budget Group has to be perceived as engaged
    in processes that are reasonably fair and
    strategic or it will lose legitimacy and not be
    able to function.

7
Aspects of Political System at UMBC Influencing
Security
  • Governance process makes policy approval lengthy
    and requires significant time from sponsoring
    entity
  • Small enough that people know each other and
    expect personal communication.
  • President has tremendous support, even after 14
    years!

8
Mason Strategies to Promote Executive Awareness
  • Engage
  • the presidents chief of staff (he sets the
    Board agenda and Cabinet agenda)
  • the distributed SAs (if they support what you
    are doing, they will let their leaders know and
    vice versa)
  • the technology thought leaders in the academic
    units (the deans listen to them)
  • the auditors(they report to the Board)
  • the Budget Group (duh! they have the money)

9
UMBC Strategies to Promote Executive Awareness
  • Engage - around points of leverage
  • President - his concern is maintaining good
    legislative audits
  • Provost - his concern is academic integrity
  • VP of Research - regulatory compliance
  • My personal engagement in the formal governance
    process
  • Engage departmental IT Staff
  • Engage central IT staff

10
Strategies to Promote Executive Awareness
  • Create Groups that will Influence Executives
    a compliance team a systems administrators
    leadership team a group of security liaisons
    appointed by their deans an executive
    enterprise risk management group

11
Strategies to Promote Executive Awareness
  • Leverage security into
  • Existing channels in your institution
  • Governance
  • Budget and Planning
  • Departmental IT liaisons
  • Personal Discussions with key stakeholders
  • Central and departmental IT

12
What Id Tell My Successor to Do!
  • Use your ex-officio status to connect with
    governance groups
  • Set up regular individual meetings with other
    VPs and Deans to discuss IT and security issues
    before bringing them up in the VP meetings
  • Continue IT security working group meetings
  • Learn the culture before proposing new policies.

13
Security Resources
  • EDUCAUSE/Internet2 Security Task
    Forcehttp//www.educause.edu/security
  • To view and/or download the videowww.educause.ed
    u/LibraryDetailPage/666?IDCSD4121
Write a Comment
User Comments (0)
About PowerShow.com