Information Security in the Future IT Organization

Michigan and CWRU have both undertaken fundamental changes to the IT organization since 2010, realigning to a model called "Design-Build-Run" for CWRU and "Plan-Build-Run-Manage" for Michigan. The higher education IT community is abuzz regarding these approaches. These IT organization changes present unique challenges and opportunities for the information security program. We will discuss possible organizational models for information security in these contexts, offering differing examples of how our IT organizations, one large and one small, addressed the security program. We'll also offer some lessons learned about strategy, effectiveness, and potential "nice to have" elements and examine future CISO/CSO roles.

OUTCOMES:
Get an introduction to the transformed IT organization, as experienced at CWRU and Michigan, from an information security perspective (an organizational risk) * Learn about the strengths and weaknesses of various approaches, especially in terms of finding the optimal organizational model for information security programs * Obtain a shared roadmap of issues and known solutions for the security organization if/when the IT organization takes on new models