Insights from US and Canadian institutions on risk management and information security

Michelle Griffiths
ITS Project Manager
IT Services
University of Oxford
Member of UCISA-PCMG

 

 

Here are some highlights from a session I attended today about the application of practical risk management strategies, presented by the University of Tampa and the University of Saskatchewan.

    Overview – University of Tampa

  • Tampa – 8000 students from 50 states and 140 countries
  • 65% of full-time students live in campus housing
  • Information security programme was started three years ago
  • CISO (Chief Information Security Officer) reports to the UT President
  • Co-manages a cyber security lab
  • Only school in the States that has reached full ISO/IEC 27001:2013 accreditation

    Overview – University of Saskatchewan

  • Member of Canada’s U15, top 15 research universities
  • 22,500 students from 100 countries
  • 16:1 faculty to student ratio
  • Info security programme formed in June 2012
  • Three representatives – ICT Security, ICT Compliance and ICT Access
  • Risk-based programme not enforced
  • SSO (Single Sign-On) for all systems, managed by five staff
  • Cyber security challenges – Profit, risk and loss

    Risk management should focus on:

  • Lack of executive support
  • Inadequate investment
  • Inefficient investment
  • Inefficient info security leadership
  • Info security gaps

    Risk management challenges:

  • Things you don’t know/realize
  • Things you realize you don’t know
  • Things you realize you know

    Practical approach to risk management:

  • Answers are at your fingertips
  • Don’t worry about adopting every aspect of a rigorous standard approach
  • Focus on the info security lifecycle
  • Get exec-level buy-in
  • Get the stakeholders’ perspective on risk – admin staff and faculty

Resource:
Educause security awareness resources
