Click here to receive your FREE subscription to Campus Technology
Features
The Rise of the CISO
4/1/2007
The 'chief information security officer' role is increasingly important for higher ed, as new cyber security challenges loom on the horizon.
THE LATE 1980s was an exciting time to be a CIO
in higher education. Computing was being decentralized
as microcomputers replaced mainframes,
networking was emerging, and the National Science
Foundation Network (NSFNET) was introducing
the concept of an “internet” to hundreds of
thousands of new users. Security wasn’t much of
an issue; the big debate on campus was whether to
regulate access to the alt.sex newsgroups. An institution’s
systems group handled IT security as an
afterthought. None of us had a “chief information
security officer”—or anything like it.
Now, two decades later, cyber security is routinely identified as the top concern of higher ed CIOs, according to the Campus Computing Project’s 2006 National Survey of Information Technology in US Higher Education. And with good reason: The CDW-G Higher Education IT Security Report Card 2006 (newsroom.cdwg.com/ features/feature-10-10-06.html) indicates that 56 percent of all higher ed institutions have experienced at least one security incident in the last year.
The CISO in Higher Ed
With the growing importance of security, it is not surprising that the responsibility for IT security has moved to senior IT management or dedicated IT security professionals. Forty percent of institutions now have a formally designated chief information security officer, up from 22 percent in 2003, according to Safeguarding the Tower: IT Security in Higher Education 2006, a study from the Educause Center for Applied Research (ECAR).
The person responsible for IT and information security (as well as related audits) may have a variety of titles: information security officer (ISO), IT security manager, or director of information security. Although common in the corporate world, the use of the functional descriptor “chief security officer” (CSO) or “chief information security officer” (CISO) is less common in higher ed. Because the term “chief security officer” is used by many companies for a position that is also responsible for physical security and the safety of employees, the term “chief information security officer” is becoming more prevalent for individuals with an exclusive cyber security focus.
At the same time, the role of the CISO is evolving from a
technologist responsible for computer systems administration,
to someone with campuswide responsibility for information
security policy, regulatory compliance, and financial
tradeoffs, as well as technically oriented computer/network
security and incident response, says Stan Gatewood, CISO
at the
New projector technologies and features offer improved picture quality, reductions in operation and installation costs, and challenge our ideas about where and how projectors can be used. With final approval of the emerging 802.11n standard tantalizingly close, forward-looking colleges and universities are deploying wireless "n" networks. Here's what you'll need to know for your own "n" initiative. Is open source business intelligence software ready for prime time? Our feature contributor offers BI watchers the open source ammunition they've been waiting for.
Recommended Reading
