12/6/2012 1 University of North Carolina at Charlotte The Role of IT Governance for Effective Information Security Management Sanjeev Sah Chief Information Security Officer The University of North Carolina at Charlotte December 6, 2012

Jun 04, 2020

Page 1

12/6/2012 • 1 University of North Carolina at Charlotte

The Role of IT Governance for Effective Information Security Management

Sanjeev Sah

Chief Information Security Officer

The University of North Carolina at Charlotte

December 6, 2012

Page 2

1.2 billion users

2.4 billion Internet users

122 million Tablets

1.7 billion Phones

Source: HP.com

Page 3

Virtualization has transformed Data Centers.

Consumer Cloud Services are more powerful than what IT provides.

Bring Your Own Device (BYOD) is the new strategy for end point services.

Page 4

Societal

• Accommodating the globalized service economy spurs "education inflation".

Political

• Politicians are retreating from their responsibility for education.

Environment

• Uncertainty about future energy sources is heightened.

Economy

• In the aftermath of the global financial crisis, cost control remains a focus.

Nexus: Social, Mobile, Cloud, Information

Source: Gartner

Page 5

People & Forums

Administrative, Technical & Non-Technical

Process & Procedures

Governance

Policies, Regulations, Requirements & Guidelines

Information Security Program

Safeguards & Controls

Page 6

IT Governance Forums & Functions @ UNC Charlotte

Information Technology Executive Steering Committee (ITESC)

Chancellor

Board of Trustees

Information Technology Advisory Committee (ITAC)

Information Assurance

IT Infrastructure

Enterprise Applications

Client Facing Technology

ITESC has strategy-level governance of Information Technology, such as resource allocation, policy review and Information Security oversight for the whole university.

ITAC has operational-level governance of Information Technology, including Portfolio Activities and Information Security.

Ensure the effective and efficient use of Information Technology, and monitor that Information Security Risks are being addressed.

Ensure that Information Technology Strategy is aligned with the University’s mission.

Page 7

Program Governance – Forums, Scope/Functions & Outcomes

CISO

Chancellor

Board of Trustees

ITESC

ITAC

Information Assurance

Information Security

IS Compliance

Campus Data Security Officers

Forum:

High-Level Council / Executive Sponsor

Scope/Function:

• Set Accountability & Authority

• Program oversight

• Budget allocation

• Policy & strategy definition

• Conciliation / Arbitration

• Approval and exemptions

Outcomes:

• Policy legitimacy and awareness

• Authority of the IT Governance & ISP

• Budgets

• Policy and strategy

• Priorities

Forum:

Mid-Level Council

Scope/Function:

• Project oversight

• Local policy definition

• Reporting

Outcomes:

• Local policies

• Reports

Forum:

Information Security Teams

Scope/Function:

• Project oversight

• Operations oversight

• Policy compliance monitoring

• Reporting

Outcomes:

• Compliance certifications and exceptions

• Reports

Page 8

Key IT Issues – Higher Education

How is IT changing the global education ecosystem and impacting the future workforce in society?

How should higher education institutions invest in applications, systems and infrastructure?

How should higher education institutions strategize and govern to make the most out of IT?

How can we balance regulatory, commercial and organizational compliance?

What are the characteristics of a successful information security program?

What are the components of a successful enterprise privacy program?

How can business continuity management and operational risk management be aligned to achieve business resilience?

How can risk management activities be aligned to the University’s performance?

Key Security & Risk Management Issues

Sources: Gartner & Educause, 2012