Creating Executive Awareness about Information Security

About This Presentation

Title:

Description:

Number of Views:90

Avg rating:3.0/5.0

Slides: 14

Provided by: rodneyp3

Category:

more less

Transcript and Presenter's Notes

Title: Creating Executive Awareness about Information Security

1
Creating Executive Awareness about Information
Security

2
George Mason University

40 years old, 30,000 students, four campuses
Strong deans, but centralized funding model
Computing somewhat distributed, somewhat
centralized
Goal to be in top 100 w.r.t. research
Traditional excellence performing arts, public
policy, economics, IT. Now becoming biosciences
25M lab NIH cancer team
Two Nobel prize winners on faculty yet 40 of
faculty are adjuncts

3
UMBC

39 years old, 12,000 students, 1 campus
Research/extensive designation - focus on
science, engineering, IT, and public policy
Moving from centralized to decentralized in
management
Stable management team, most have been in place
for 10 years.

4
Aspects of the Culture that Influence Masons
Security Strategies

IT staff can not order others to use certain
hardware/software or to take particular security
measures.
Decisions are made in a collegial manner with
much opportunity for input from broad sections of
the campus community.
The president is external he can not lead
without the support of the deans, faculty, Board,
etc.

5
Aspects of Culture that Influence UMBCs Security
Strategies

Collegiality - the management team is stable and
works together on issues. Weekly VPs/Deans
meeting allows group to share issues.
Strong support for governance structure and
governance works closely with administration
Founders are retiring, which is causing culture
to change

6
Aspects of the Political System at Mason that
Influence Security Strategies

IT can not charge back for security services.
The deans are more inclined to listen to their
own experts when it comes to technology rather
than to IT.
The Budget Group has to be perceived as engaged
in processes that are reasonably fair and
strategic or it will lose legitimacy and not be
able to function.

7
Aspects of Political System at UMBC Influencing
Security

Governance process makes policy approval lengthy
and requires significant time from sponsoring
entity
Small enough that people know each other and
expect personal communication.
President has tremendous support, even after 14
years!

8
Mason Strategies to Promote Executive Awareness

Engage
the presidents chief of staff (he sets the
Board agenda and Cabinet agenda)
the distributed SAs (if they support what you
are doing, they will let their leaders know and
vice versa)
the technology thought leaders in the academic
units (the deans listen to them)
the auditors(they report to the Board)
the Budget Group (duh! they have the money)

9
UMBC Strategies to Promote Executive Awareness

10
Strategies to Promote Executive Awareness

Create Groups that will Influence Executives
a compliance team a systems administrators
leadership team a group of security liaisons
appointed by their deans an executive
enterprise risk management group

11
Strategies to Promote Executive Awareness

12
What Id Tell My Successor to Do!

Use your ex-officio status to connect with
governance groups
Set up regular individual meetings with other
VPs and Deans to discuss IT and security issues
before bringing them up in the VP meetings
Continue IT security working group meetings
Learn the culture before proposing new policies.

13
Security Resources

EDUCAUSE/Internet2 Security Task
Forcehttp//www.educause.edu/security
To view and/or download the videowww.educause.ed
u/LibraryDetailPage/666?IDCSD4121

Write a Comment

User Comments (0)