4 steps higher ed information security officers can take to manage cyber risk

Editor’s note: Brian Kelly is the chief information security officer at Quinnipiac University. Scott Kannry is the CEO at Axio.

Educational institutions have a unique challenge to contend with when it comes to managing cyber risk: The very organizational structure that supports education and research can be detrimental to risk management.

This is perhaps most evident when it comes to justifying budget requests for a comprehensive cybersecurity or regulatory compliance program. Chief information security officers (CISOs) must cross multiple organizational boundaries and communicate cyber risk in terms that the board of trustees, provost and financial officers — three very different stakeholders — will understand.

In higher education, students and professors enjoy a different contract with the institution than an employee does with their employer. Universities must offer broader access to networks, maintain less control over student–employee actions and deal with significantly more turnover (matriculation and graduation) than the average private sector enterprise. Additionally, universities hold vast quantities of personal data, including…
