Educause Security Discussion mailing list archives
Re: Security Program Development / Staffing survey - Not social engineering.
From: James Moore <jhmfa () RIT EDU>
Date: Mon, 30 Aug 2004 13:59:57 -0400
Good point, although I can think of better information, like some of what has been floating along the list regarding vulnerability scanners in use, IDSs in use, etc. It is a safe assumption that the bad guys are on the list, and listening. That is why people more often voice this kind of question through forums of FIRST, I4, or ESF. But participation in those venues often implies a maturing, rather than starting, program.

But most people on the Educause Security list know me. I was on the program committee for this year's Educause Security Professionals Workshop.

In years of tight budgeting, it is difficult to grow an information security program. I tried 2 years ago with benchmarking. I followed with an information security posture assessment (also documented for Educause, and in their archives). I am trying again with benchmarking.

I imagine that there are other people who have been trying to start information security programs ever since GLBA, and have found themselves wanting/needing to expand, but without resources. Then they want to be proactive, but can't overcommit, or risk the credibility of the program.

I am gathering this information for myself. I can see its broader use, as well.

Jim

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Samuel Liles
Sent: Monday, August 30, 2004 1:14 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Security Program Development / Staffing survey - Brief

I don't want to be trite, but wouldn't that exact information make a great fingerprint of an institution? I think it would be one of the greatest social engineering hacks of all times. So Eve says to Alice "I logged onto a mail server and everybody sent me their technology capabilities and institutional protection capabilities... No really!".

Welcome back to school.

--------------------------
Sam Liles
Purdue University Calumet
Assistant Professor CISIT
Gyte 278
2200 169th Street
Hammond, IN 46323-2094
liless () calumet purdue edu
sliles () purdue edu (West Lafayette)
(219)989-3195 Voice

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of James Moore
Sent: Monday, August 30, 2004 11:59 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Security Program Development / Staffing survey - Brief

I am trying to do benchmarking to describe "normal" growth for our information security program.

Mail To: jhmfa () rit edu

Indicate if you want to be included in a summary for Educause.

1) How large is your institution?
2) Do you have factors which make your information security especially complex
   a) medical school?
   b) gov't contracts, sensitive information?
   c) technology school?
   d) other?
3) Is your information security program institute wide? If not, describe?
4) How long ago did you start your information security program?
5) How many people have information security as full-time position?
6) How many people are in information security part-time positions (at least half-time)?
7) How many people do?
   a) Information Security Policy/Standards Development
   b) Information Security Awareness
   c) Incident Handling / Investigations
   d) Are all abuse reports treated as incidents? If not, how many do abuse report handling?
   e) Network Monitoring / Scanning / IDS /ISP
   f) Risk Assessment / Security Reviews of systems in development
8) How did your program develop in the first few years? (e.g. We started with 1, a year later we added another, 2 years later we added 2 more ...)
9) Lessons learned or war stories (e.g. We deployed too much new technology early on, without raising awareness ...)

Jim
- - -
Jim Moore, CISSP, IAM
Information Security Officer
Rochester Institute of Technology
13 Lomb Memorial Drive
Rochester, NY 14623-5603
Office: 585-475-5406
Lab: 585-475-4122
Fax: 585-475-7950

"In the middle of difficulty lies opportunity." Albert Einstein

"The release of new internet threats have not created a new problem. It has merely made more urgent the necessity of solving an existing one." Parallels quote by Albert Einstein on atomic energy

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.