Educause Security Discussion
mailing list archives
Re: Reorganizing for security team
From: "Nevin, David" <Dave.Nevin () OREGONSTATE EDU>
Date: Fri, 18 Jul 2014 15:47:46 +0000
We’re about a year ahead of you in this process it seems—like you, security was primarily a network function with AV
handled by a server support team.
In brief, our office (InfoSec) will provide "application layer" support, including access permissions, for our InfoSec
Tools. Our net/infrastructure teams will provide hardware and OS-level support for the tools.
At this point in time we’re continue to work very closely together and since positions have been shifted from other
teams to form the group, this is happening gradually with the above as an end goal.
Feel free to ping me if you’d like to talk about more specific details.
Chief Information Security Officer
Oregon State University
From: Theresa Rowe <rowe () OAKLAND EDU<mailto:rowe () OAKLAND EDU>>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY ()
LISTSERV EDUCAUSE EDU>>
Date: Friday, July 18, 2014 at 8:34 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>" <SECURITY () LISTSERV EDUCAUSE
EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
Subject: [SECURITY] Reorganizing for security team
We are finally at a point where we can reorganize to create a separate security team. Security is now primarily on the
network team, with AV systems and the like on a technical architecture team.
Those of you who have created a separate security team can help us out. What tasks (like firewall installation,
firewall rule updates, SIEM implementation, etc.) are done on what team? What belongs to networks, what belongs to
systems, and what belongs to security? How did you architect the separation of duties?
Thanks for all insight -
Chief Information Officer