Enhancing ICT Security
The need for a safe and secure ICT environment was articulated in the ICT Foundational document , which stated,
“In order to protect our information assets we must embrace a campus-wide culture of best practice in ICT security. … our systems are secure only if everyone participates in ensuring they are. ICT security must be a high priority for the University and must become engrained as part of our culture, with adequate training and support."
The campus needs to adopt a disciplined and structured approach to ensure that measures are applied in a comprehensive, consistent and cost-effective manner. Campus-wide leadership is required.
Establishing an ICT Security Office
The U of S is establishing an ICT Security Office to help improve ICT security. Security is an ongoing process that requires ongoing attention as there are always new risks and attacks continue to become more sophisticated. Universities are especially vulnerable because of the large number of users, the desire in the academy for openness and easy access, the reluctance to impose/accept strong central controls, and the distributed authority structure.
A Director of ICT Security position was created and filled in June 2012 and reports to the CIO. This direct reporting line is important as a signal that the office has responsibility for ICT security across the entire campus and to give it the authority to act where needed. The office will work closely with and be a key resource for Campus Safety, other IT units across campus, business process owners, data stewards, individual faculty members, staff and students, and for all of ICT.