Role of the CISO in Higher Education, University of Edinburgh, 1/11/2016


Page 2

Role of the CISO in Higher Education

Experiences from University of Edinburgh

Page 3

University organisation (the CISO sits within the Information Services Group):

Principal

  • Information Services Group
  • Corporate Services Group
  • University Secretary’s Group
  • College of Science and Engineering
  • College of Arts, Humanities and Social Sciences
  • College of Medicine and Veterinary Medicine

Page 4

Background to Appointment of CISO

• Structure of the University allows for a high degree of local prioritisation of the information security risk profile, with limited central direction.

• Senior academic review (e.g. the Kenway Report) recognised the benefits of a central senior focus.

• Appointment of a new CIO brought renewed focus to the requirement for a CISO covering all aspects of information security risk, rather than the previous alignment to IT security.

• Risk and Audit Committee, and senior staff, buy-in and support crucial to success – mandate from the top.

Page 5

Recruitment

• Selection process supported by external recruitment agency to broaden candidate pool.

• Interview panel included senior academics and directors from within ISG – adds to broad engagement.

• Appointment in early 2016, took up post in February 2016.

Page 6

CISO – Main Responsibilities

• Leads and owns the information security strategy for the University.

• Drives and owns the information security risk posture, taking a risk-based, holistic approach to managing information security risk.

• Leads pan-University information security activities, managing the information security risk to IT facilities from internal and external threats.

• Advises the University on existing and emerging strategic information security threats.

• Owns, manages and develops appropriate information security policies, procedures, controls and the overall information security governance framework.

Page 7

Initial Priorities

• Recruitment of a team with the necessary skills – challenge of competing against the private sector.

• Increased focus on the user.

• Overhaul of information security risk governance to focus on a risk-based approach.

• Support to strategic/key projects (Service Excellence Programme, Data Safe Haven, Network Refresh, Data Sciences, Alan Turing Institute, Student analytics, distance learning and eExams).

Page 8

Keys to Success

• Alignment to the University 2016 Strategy – supporting plans for Digital Transformation, and Data and Partnerships with Industry.

• Buy-in from individual Colleges and Support Groups – need to recognise the requirement for ‘individual’ solutions – outcome based.

• Ensure that business areas know their responsibilities – won’t do security ‘to’ or ‘for’ them – they own the risks.

• Provision of supporting services; not about saying ‘No’.

• External and internal collaboration and information sharing.