Information Security Governance

EDUCAUSE Library Items for Information Security Governance

Sharing the Wealth: A University-Wide Information Security Council

March 10, 2010 | A session at the NERCOMP Annual Conference 2010

Information security is often consigned to the IT department, even though IT is not the primary user of university data. But technical solutions can only go so far in protecting data. In 2008, the …

Building and Assessing an Information Security Program

February 18, 2010 | A session at the EDUCAUSE Southwest Regional Conference 2010

Given continually increasing threats, constant additions to government regulations, and rising costs, every institution must address information security. An effective information security program …

Revitalizing Data Stewardship through Risk Reduction: Managing Sensitive Data at the University of Virginia

December 1, 2009

The 2009 ECAR study Institutional Data Management in Higher Education , by Ronald Yanosky, examines how higher education institutions are facing the challenges of institutional data management…

Podcast: Jodi Ito on the Information Security Program at the University of Hawaii

January 20, 2012

Jodi Ito is the Information Security Officer at the University of Hawaii. She is responsible for the development and implementation of the university's new information security…

Securing Institutional Data: Let’s Make It Everyone’s Business

May 5, 2009

 This ECAR research bulletin discusses the costs of preventing data loss in terms of people, processes, and technology. It focuses on principles to guide decision making in higher education and …

Novel Approaches to Developing Governance, Risk, and Compliance Programs

April 22, 2009 | A session at the Security 2009

Legislative requirements are accumulating as rapidly as sophisticated threats to institutional data. How does an institution develop a strategic response that incorporates all necessary requireme…

Getting Real About Security Governance

June 26, 2007

Enterprise security governance is not just a vague idea - it can be achieved by implementing a defined, repeatable process with specific activities. For an organization that lacks a cohesive …

Governing for Enterprise Security Implementation Guide

August 24, 2007

This guide is designed to help business leaders implement an effective program to govern information technology (IT) and information security. Our objective is to help you make well-informed deci…

Governing for Enterprise Security

November 18, 2008

CERT's web site for Governing for Enterprise Security. CERT's web site for Governing for Enterprise Security. …

Implementing Information Security Governance Using ISO 27000

March 17, 2011

GSU's CIO sponsored the ISO 27001 certification initiative at Georgia State University in mid 2007 and the Information Security Department and Office of Disbursements were the first GSU depa…