Enhancing ICT Security
The need for a safe and secure ICT environment was articulated in the ICT Foundational document , which stated,
“In order to protect our information assets we must embrace a campus-wide culture of best practice in ICT security. … our systems are secure only if everyone participates in ensuring they are. ICT security must be a high priority for the University and must become engrained as part of our culture, with adequate training and support."
The campus needs to adopt a disciplined and structured approach to ensure that measures are applied in a comprehensive, consistent and cost-effective manner. Campus-wide leadership is required.
Establishing an ICT Security Office
The U of S is establishing an ICT Security Office to help improve ICT security. Security is an ongoing process that requires ongoing attention as there are always new risks and attacks continue to become more sophisticated. Universities are especially vulnerable because of the large number of users, the desire in the academy for openness and easy access, the reluctance to impose/accept strong central controls, and the distributed authority structure.
A PCIP request was made to secure the funds required to create the ICT Security Office, which will report to the CIO. This direct reporting line is important as a signal that the office has responsibility for ICT security across the entire campus and to give it the authority to act where needed. The office will work closely with and be a key resource for Campus Safety, ITS and other IT units across campus, business process owners, data stewards and individual faculty members, staff and students.
A position profile for the Director ICT Security has been developed and a candidate search is underway. This is the first step of many to enhance ICT security at the U of S.