Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: success stories
From: "Lazor, Joseph" <JLazor () ADMIN FSU EDU>
Date: Thu, 20 Nov 2008 08:41:54 -0500

Development, adoption, deployment, and compliance monitoring of an IT
Security Governance Industry Standard such as ISO 17799.  Concurrent
with  this -- Enterprise ITSEC Strategy (ITSEC is a risk management
issue not a technical one!), enabling programs, federated compliance
monitoring tools, and performance metrics.

Suggested approach includes:
1.      Articulate and approve an overall security strategy.
2.      Develop a security technical architecture to support the
strategy.
3.      Establish needed policies to support the strategy and
architecture.
4.      Acquire additional tools to support the architecture.
5.      Establish an organizational structure to deploy the tools and
monitor policy adherence.
6.      Establish a management reporting mechanism to inform unit and
executive management about unit 
        adherence to the strategy and policies as well as to compromised
systems. 
7.      Prioritize activities into implementation phases.
8.      Communicate the overall security program to the campus
community.


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kathy Bergsma
Sent: Wednesday, November 19, 2008 2:22 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] success stories

I'm interested in hearing about your success stories engaging senior
management support for security initiatives.  What methods worked at
your 
institution?  I've suggested some methods below.  Let me know which ones
have 
worked for you and identify others ideas not listed.

Fear, uncertainty and doubt
Metaphors and analogies
Comparison with peer institutions
Financial benefits such as ROI (return on investment)
Leverage an incident
Metrics
Working behind the scenes
Ask forgiveness rather than permission
Little by little baby steps
Relationship building with key players?  Who are the key players
Other ideas

-- 
Kathy Bergsma
UF Information Security Manager
352-392-2061

Attachment: Joseph A Lazor CGEIT CISM.vcf
Description: Joseph A Lazor CGEIT CISM.vcf


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault