My thoughts on one of the challenges facing infosec offices in higher education. It reflects my thoughts, and not necessarily those of my employer.
The institutional challenge of creating centralized cost-effective efficiencies in an environment with a strong tradition of localized, decentralized IT solutions and personnel is normative in higher education.
An Information Security Office can create centralized efficiencies by:
- Modeling an effective centralized service organization that is responsive to the individual needs of specific departments. (One way to accomplish this is by regular meetings with stakeholders to ensure that the Information Security Office can enable their business, rather than create barriers with unreasonable requirements.)
- Providing centralized security services such as vulnerability scanning of web and servers and security reviews of proposed solutions.
- Managing compliance initiatives such as private information remediation centrally, leveraging an extended team composed of empowered college and division representatives.