Re: Campus Security Governance Structures?

[Cal Frye <cjf () CALFRYE COM>]

Martin Manjak wrote:
> Looks like I have to answer my own query.
>
> The lack of response to this question is intriguing. Does it mean that
> most institutions don't have some form of governance when it comes to
> information security?
>
> If that's the case, how are decisions made that affect the institution's
> security posture? How are assets ranked and vulnerabilities prioritized?
> How is risk assessment performed? Who decides what investments are made
> into what technologies and controls?
>
> It seems to me that if you get governance right, many other things fall
> into place because you get institutional recognition of risk and
> endorsement of mitigation strategies.
> M-

Perhaps for some of us the answer begins, "I call up Ross and we discuss
it..." Here information security isn't very differentiated from
Information Technology as a whole.

--
Regards,
-- Cal Frye, Network Administrator, Oberlin College

   www.calfrye.com,  www.pitalabs.com

"In our age, there is no such thing as "keeping out of politics." All
issues are political issues, and politics itself is a mass of lies,
evasions, folly, hatred, and schizophrenia." -- George Orwell.