CISO Memo: An ISG New Year’s Resolution
As usual, when the New Year rolls around, we hear of many people (and organizations!) speaking of resolutions for the coming year. While declared in the true spirit of obtaining them, as we all know, many of these resolutions fall by the wayside rather early into the New Year.
The Information Security Group is committing to a resolution as well, and that is to continue our momentum in providing ever-improving security solutions in 2010. We experienced a solid 2008, followed it up with a very successful 2009, and look to further our value for Brown in the coming twelve months.
In 2009 we've established a terrific working relationship with the Brown DCC community, which has benefited each group, and strengthened the security of many academic departments. We conducted a risk assessment in many areas of the university that has highlighted areas of improvement, while also indicating secure computing in many departments.
Our awareness efforts were seen across the campus, highlighted by another successful Cyber Security Awareness Month campaign in October. We were present at many campus functions partnering with DPS, and also trained hundreds of colleagues on protecting confidential information both in class rooms and on-line. To date, over 1,600 Brown staff members have been through the "Protecting Brown Information" course, improving our security posture. We also continued our very popular Brown Bag series, with more courses to be offered in the coming months.
In support of Brown's technology, ISG has participated in the high-priority initiative for IT Disaster Recovery, and played a key role behind the scenes in redesigning our network for increased security. We've also taken on additional responsibilities in assuming leadership for compliance with many regulatory mandates that now impact higher education.
We also supported one of our own in the Brown Ambassadors Program, as well as leading a session on Social Networking Security on Staff Development Day.
The bottom line is that we have momentum in providing ever-improving security solutions and support across Brown. Our resolution is to improve on our success, and create even greater momentum.
Our plans include additional awareness campaigns, on topics such as password sharing, privacy, and copyright law. We'll offer new training courses (both in person and online), as well as new Brown Bag lunch time sessions. We plan on offering solutions to identify confidential information on Brown equipment, and how best to remove or protect it. Our plan is to champion new standards for web application security, and provide the support to mitigate the risk of compromised systems. And we'll also continue to refine our behind the scenes infrastructure to provide better security.
Ok, so you may argue that our resolution is not really one at all. However, be assured in the resolve of the ISG in maintaining and improving our security services and posture. We look to our ISG mission statement in all that we do: to provide proactive security expertise, engineer robust security architecture, and enhance our culture of security awareness. Just by reading this, you've helped us in achieving the last point!
I'm looking forward to 2010, and especially to interacting with all of you. Please feel free to reach out to me directly at david_sherry@brown.edu, or the entire team at ISG@brown.edu. Let me know how we are doing, areas of concern you may have, or questions on your identity or personal computing security. And remember, sec_rity is not complete without U!