Educause Security Discussion
mailing list archives
Re: Reorganizing for security team
From: Sol Bermann <solb () UMICH EDU>
Date: Fri, 18 Jul 2014 11:51:49 -0400
Am happy to discuss how U-M has evolved this over the past 10 years
Interim University of Michigan Chief Information Security Officer
Privacy Officer and IT Policy, Compliance and Enterprise Continuity
ITS - Information & Infrastructure Assurance
University of Michigan
solb () umich edu
On Fri, Jul 18, 2014 at 11:47 AM, Nevin, David <Dave.Nevin () oregonstate edu>
We’re about a year ahead of you in this process it seems—like you,
security was primarily a network function with AV handled by a server
In brief, our office (InfoSec) will provide "application layer" support,
including access permissions, for our InfoSec Tools. Our net/infrastructure
teams will provide hardware and OS-level support for the tools.
At this point in time we’re continue to work very closely together and
since positions have been shifted from other teams to form the group, this
is happening gradually with the above as an end goal.
Feel free to ping me if you’d like to talk about more specific details.
Chief Information Security Officer
Oregon State University
From: Theresa Rowe <rowe () OAKLAND EDU>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <
SECURITY () LISTSERV EDUCAUSE EDU>
Date: Friday, July 18, 2014 at 8:34 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Reorganizing for security team
We are finally at a point where we can reorganize to create a separate
security team. Security is now primarily on the network team, with AV
systems and the like on a technical architecture team.
Those of you who have created a separate security team can help us out.
What tasks (like firewall installation, firewall rule updates, SIEM
implementation, etc.) are done on what team? What belongs to networks,
what belongs to systems, and what belongs to security? How did you
architect the separation of duties?
Thanks for all insight -
Chief Information Officer