Educause Security Discussion mailing list archives
Re: Policy Defining Responsibility for CIO & CISO
From: Carlos Lobato <clobato () NMSU EDU>
Date: Mon, 22 Feb 2016 16:44:15 +0000
Hello Ben, As of this point, yes, the CISO reports to the CIO, but we are working on implementing IT Governance at NMSU and putting/recommending a structure that is going to last is of utmost importance to us, so that we can meet best practices as well as the long-term intended spirit of data privacy regulations such as GLBA, HIPAA, etc. Carlos From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ben Woelk Sent: Monday, February 22, 2016 9:00 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Policy Defining Responsibility for CIO & CISO Carlos, Does your CISO report to the CIO? That would impact the delineation of responsibilities. Ben Woelk '07 CISSP ISO Program Manager Information Security Office Rochester Institute of Technology ROS 10-A204 151 Lomb Memorial Drive Rochester, New York 14623 585.475.4122 585.475.7920 fax ben.woelk () rit edu<mailto:ben.woelk () rit edu> http://www.rit.edu/security/ Become a fan of RIT Information Security at http://rit.facebook.com/RITInfosec<http://rit.facebook.com/profile.php?id=6017464645> Follow us on Twitter: http://twitter.com/RIT_InfoSec CONFIDENTIALITY NOTE: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Carlos Lobato Sent: Monday, February 22, 2016 10:28 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Policy Defining Responsibility for CIO & CISO Good Morning Colleagues, If your institution has a policy that clearly delineates responsibility for the CIO and CISO, I would highly appreciate if you would send me a link to your policy. Thanks in advance, Carlos Carlos S. Lobato, CISA, CISSP, CPA IT Compliance Officer New Mexico State University Information and Communication Technologies MSC 3AT PO Box 30001 Las Cruces, NM 88003 Phone (575) 646-5902 Fax (575) 646-5278
Current thread:
- Policy Defining Responsibility for CIO & CISO Carlos Lobato (Feb 22)
- Re: Policy Defining Responsibility for CIO & CISO Cathy Bates (Feb 22)
- Re: Policy Defining Responsibility for CIO & CISO Ben Woelk (Feb 22)
- Re: Policy Defining Responsibility for CIO & CISO Miguel Angel Gonzalez de la Torre (Feb 22)
- Re: Policy Defining Responsibility for CIO & CISO Ben Woelk (Feb 22)
- Re: Policy Defining Responsibility for CIO & CISO randy (Feb 22)
- <Possible follow-ups>
- Re: Policy Defining Responsibility for CIO & CISO Carlos Lobato (Feb 22)
- Re: Policy Defining Responsibility for CIO & CISO Valerie Vogel (Feb 22)
- Re: Policy Defining Responsibility for CIO & CISO Cathy Bates (Feb 22)