Home page logo

educause logo Educause Security Discussion mailing list archives

Re: success stories
From: Steve Schuster <sjs74 () CORNELL EDU>
Date: Thu, 20 Nov 2008 13:42:13 -0500

We are engaged in most of the activities listed below with some being
more successful than others.  Hands down the activity that has shown
the most success and has proven the most beneficial to our security
cause is our incident response strategy when an incident involved
confidential data.  When this is the case I stand up our Data
Incident Response Team (DIRT) to talk through the situation and
determine what actions the university needs to take.  Since the DIRT
team involves the appropriate data steward, Dean or unit head where
the incident occurred, technical staff in that unit, CIO, University
Counsel, Audit, Risk Management, Police and a couple of others, all
the right people get to hear first hand our challenges and the
consequences of when things don't go right.

After doing this for well over three years I don't need to spend much
time around campus trying to sell the need for security.


Steve Schuster
Director, IT Security Office
Cornell University
sjs74 () cornell edu

On Nov 19, 2008, at 2:21 PM, Kathy Bergsma wrote:

I'm interested in hearing about your success stories engaging senior
management support for security initiatives.  What methods worked
at your institution?  I've suggested some methods below.  Let me
know which ones have worked for you and identify others ideas not

Fear, uncertainty and doubt
Metaphors and analogies
Comparison with peer institutions
Financial benefits such as ROI (return on investment)
Leverage an incident
Working behind the scenes
Ask forgiveness rather than permission
Little by little baby steps
Relationship building with key players?  Who are the key players
Other ideas

Kathy Bergsma
UF Information Security Manager

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]