Location:
Home » Community » Member Directory » Tammy L. Clark
Community

Tammy L. Clark (Georgia State University)

Tammy L. Clark
Chief Information Security Officer
Georgia State University
Atlanta, Georgia
UNITED STATES

Tammy L. Clark

Biography

Tammy Clark serves as the Chief Information Security Officer at Georgia State University, a sprawling urban campus serving over 40,000 students, staff and faculty in downtown Atlanta, Georgia. She joined Georgia State in 2000 with the initial charge to start from "ground zero" in creating an information security program.

Tammy frame-worked her strategic plans and practices around the guidance in ISO 27002, which advocates a risk based approach to integrating controls within business processes, and developing road-maps (people, process, and technology) that foster continuous improvements in data protection, security awareness, compliance and policy/process development. She successfully completed initiatives in 2007-2009 to build an ISO 27001/2 compliant Information Security Management System that incrementally incorporates University organizations and departments. The Information Security organization, Office of Disbursements, and Data Center Operations have been formally certified by an ISO 27001 accredited registrar.

Taking this approach has re-defined information security as a core element of the business of higher education. Technology plays an important role in the scheme of things, but working with people to help them understand how to protect the information they work with through integrating controls, best practices, and well defined procedures, results in the greatest rewards across the board.

Tammy is a Certified Information Systems Security Professional (CISSP), a certified Project Management Professional (PMP), a Holistic Information Security Practitioner (HISP), a Certified Information Security Manager (CISM), a Certified Information Systems Auditor (CISA), a certified Information Security Management Systems Auditor (ISO 27001), a PCI certified ISA, Certified in Risk and Information Systems Control (CRISC), Information Technology infrastructure Library (ITIL) Foundations certified, and has dual Bachelor's degrees in MIS and Accounting from Cal State University, San Bernardino, California.

Publications

Publications
Implementing Information Security Governance Using ISO 27 ...
Higher Education Information Security Council (HEISC)
March 2011
Georgia State University's IT Procurement Review Process--Practical ...
Higher Education Information Security Council (HEISC)
March 2011
Securing Institutional Data: Let’s Make It Everyone’s ...
ECAR
May 2009
Information Security Governance: Standardizing the Practice ...
ECAR
August 2008
Georgia State University System Security Plan
Organizations or Campuses
January 2006

Presentations

Upcoming Presentations
EventSessionDate
Security Professionals Conference 2013Automated, Rapid Response to Botnets and Advanced Malware Infections in a University Environment05/16/2012
Security Professionals Conference 2013Leading the Way to PCI Compliance: It's All About Planning and Collaboration05/17/2012
Enterprise Technology Conference 2012Leading the Way to PCI Compliance: It's All About Planning and Collaboration!05/17/2012
Southeast Regional Conference 2012Mobile and Cloud Security: Practical Applications of the Information Security Guide06/01/2012
EDUCAUSE 2012 Face-to-Face Annual ConferenceSeminar 06A - PCI Compliance Reviews: A Mixed Bag of People, Processes, and Technology
PLEASE NOTE: Separate registration and fee is required to attend this seminar.		11/06/2012
Recent Presentations
EventSessionDate
Security Professionals Conference 2013Seminar 01A - Navigating the PCI DSS Jungle
PLEASE NOTE: Separate registration and fee are required to attend this seminar.		05/15/2012
EDUCAUSE 2011 Face-to-Face MeetingSeminar 03P - Developing a Standards-Based Information Security Program Using ISO 27002
PLEASE NOTE: Separate registration and fee is required to attend this seminar.		10/18/2011
Southeast Regional Conference 2011An Interactive Overview of the EDUCAUSE/Internet2 Information Security Guide; or, How to Get a Virtual Workforce for Free!06/03/2011
Southeast Regional Conference 2011Security and Privacy Considerations for Cloud Computing06/02/2011
EDUCAUSE 2010 Face-to-Face MeetingSeminar 01A - Building a Standards-Based Information Security Program Using ISO 2700010/12/2010
EDUCAUSE 2009 Face-to-Face ConferenceThe Cost of Preventing Breaches11/04/2009
EDUCAUSE 2009 Face-to-Face ConferenceSeminar 03A - Building a Standards-Based Information Security Program Using ISO 27001 and ISO 2700211/03/2009
Security Professionals Conference 2009Novel Approaches to Developing Governance, Risk, and Compliance Programs04/22/2009
Security Professionals Conference 2009Using the EnCase Field Intelligence Model in Assisting with Forensics Examinations04/21/2009
Security Professionals Conference 2009Seminar 2F - Introduction to ISO 27001/2: Everything You've Wanted to Know (but Were Afraid to Ask)
PLEASE NOTE: Separate registration and fee are required to attend this seminar.		04/20/2009
Security Professionals Conference 2008McAfee and Georgia State University - Taking Aim at Network Intruders with Intrushield's Intrusion Prevention System05/06/2008
EDUCAUSE 2007GSU's Roadmap for a World-Class Information Security Management System: ISO 27001:200510/24/2007
Southeast Regional Conference 2007Developing a Risk-Based Information Security Program06/13/2007
Security Professionals Conference 2007Welcome and Introductions04/11/2007
Security Professionals Conference 2007First-Time Attendees: How to Get the Most Out of the Conference Experience04/10/2007
EDUCAUSE 2006How to Successfully Defend Against IRC Bots, Compromises, and Information Leaks10/12/2006
EDUCAUSE 2006Start with a Great Information Security Plan!10/10/2006
Southeast Regional Conference 2006Giving the Heave-Ho to Worms, Spyware, and Bots!06/19/2006
Southeast Regional Conference 2005Security and Identity Management for Small Colleges06/07/2005
Southeast Regional Conference 2005Seminar 01A - Effective Cybersecurity Practices for Higher Education
PLEASE NOTE: Separate registration and fee are required to attend this seminar.		06/06/2005
Southeast Regional Conference 2005How Technology, People, and Processes Converged to Achieve a 95 Percent Reduction in Security Incidents!06/06/2005
EDUCAUSE 2004How Do You Create a Successful Information Security Program? Hire a Great ISO!10/22/2004
EDUCAUSE 2001Detection and Prevention of Intrusions and Attacks at Universities10/31/2001

Membership Information

General Info

Membership Information
OrganizationStatus
ECAR
ELI
EDUCAUSEParticipating Representative

This information is provided as a service for our members and subscribers. It gives members and subscribers the opportunity to share information about common problems and solutions and a chance to network with their peers. Neither members nor nonmembers are to use it for commercial gain or for research that is not explicitly sponsored by EDUCAUSE. EDUCAUSE maintains open access to this information with the expectation that it will not be abused. We appreciate your help in using this information properly so that we do not have to limit its availability.

If you have questions about the use of this information or you want your personal information or photo removed, you may either e-mail info@educause.edu or login to make changes.


 
© Copyright 1999-2012 EDUCAUSE
  Unless otherwise noted, EDUCAUSE holds the copyright on all materials published by the association, whether in print or electronic form. In certain cases the work remains the intellectual property of the individual author(s) (see Special Circumstances). Content from conference speeches, presentations, blogs, wikis and feeds reflect the opinions of the author, and not necessarily those of EDUCAUSE or its members.