Version 1.1: October 2012
This is a list of resources intended for Chief Information Security Officers (CISOs) and other security professionals new to their role in higher education. Recommendations are provided by members of the EDUCAUSE/Internet2 Higher Education Information Security Council (HEISC).
Are You the New CISO on Your Campus? A Few First Steps...
Still haven't found what you need? Please contact us and we'll try to help!
EDUCAUSE Listservs: Join any of these community discussion groups and engage with a large network of professionals.
- Security Discussion List
- IdM Discussion List
- Policy Discussion List
- Interested in Cloud Computing, Data Administration, IT Accessibility, IT Architecture, IT Communications, Mobile Technologies, or Small Colleges? EDUCAUSE hosts other listservs, as well.
Note: If you prefer not to subscribe to these listservs, please keep in mind that the listserv archives are fully searchable and may provide valuable insights and prior discussions relating to current (or future) issues and concerns.
- IAPP (International Association of Privacy Professionals) Privacy List (separate membership fee required)
- REN-ISAC (separate membership fee required)
- "A New CISO's To-Do List: ‘Make or Break’ Actions for a Chief Information Security Officer’s First Year" by Brian T. Nichols (Campus Technology, August 2006)
- "Keeping the Guard Up in a Down Economy: Investing in IT Security in Hard Times" by Brian D. Voss and Peter M. Siegel (EDUCAUSE Review, September/October 2009)
Books & Publications
- The Career of the IT Security Officer in Higher Education (an ECAR Occasional Paper) by Marilu Goodyear, Gail Salaway, Mark Nelson, Rodney Petersen, and Shannon Portillo
- Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI by Debra S. Herrmann
- Computer and Network Security in Higher Education edited by Mark Luker and Rodney Petersen
- Cultivating Careers: Professional Development for Campus IT edited by Cynthia Golden
- FERPA Guide and FERPA Quick Guide by LeRoy Rooker (AACRAO)
- IT Governance: How Top Performers Manage IT Decision Rights for Superior Results by Peter Weill and Jeanne Ross
- NIST Special Publications (800 series)
- Security Metrics: Replacing Fear, Uncertainty, and Doubt by Andrew Jaquith
- EDUCAUSE Policy Digest
- Bruce Schneier's Crypto-Gram Newsletter
- CSO Online Newsletters
- IAPP Privacy News – The Daily Dashboard
- Microsoft Security Newsletter
- SANS Security Newsletters (NewsBites, @RISK, Ouch!)
Websites: Visit these sites for recommended resources and links to other websites commonly used by CISOs in higher education.
- Campus Computing Project
- Center for Internet Security (CIS)
- Educational Security Incidents (ESI)
- EDUCAUSE Core Data Service (CDS)
- EDUCAUSE Cybersecurity Initiative & HEISC
- EDUCAUSE IAM (Identity and Access Management)
- EDUCAUSE Policy
- Internet2 Middleware
- Internet2 Security
- Security Professionals Conference
- Seminar on Establishing an Information Security Program (typically offered on an annual basis at the Security Professionals Conference).
- Additional EDUCAUSE professional development initiatives, including an annual conference, regional conferences, special topic conferences, and institute programs for management and leadership development.
- Career Development for New and Aspiring CIOs (EDUCAUSE website)
- Internet2 offers member meetings, workshops, Joint Techs meetings, and several other events.
- InCommon offers three different types of events for those who want to learn more about IAM-related issues: CAMP (Campus Architecture and Middleware Planning), Advance CAMP, and Day CAMP.
- EDUCAUSE Live!
- IAM Online
- EDUCAUSE Now Podcasts
Professional Organizations: Consider joining a professional organization. Many offer local chapters with frequent meetings that allow you to build a local network of security practitioners and experts.
- ISSA (separate membership fee required)
- ISSA CISO Executive Forum (separate membership fee required)
- SANS Information Security Training
- Security Certification (CISSP, CERT, CISA, CISM, GIAC, etc.)
- Privacy Certification (IAPP offers certification programs and training for CIPP and other credentials)
- EDUCAUSE Twitter page
- HEISC Facebook page
- HEISC Pinterest page
- HEISC Scoop.it! pages (RSS feeds available on topics: information security and data privacy)
- HEISC Twitter page
- Security Awareness Video & Poster Contest Facebook page
- Security Awareness Video Contest YouTube page
- Internet2 Twitter page
- InCommon Facebook page
- Internet2 Facebook page
- LinkedIn (search for Groups like EDUCAUSE, Internet2, Higher Education Information Security, and Information Security Community)
Connecting with Campus Colleagues: It's crucial to continue developing relationships with as many people on your campus as possible.
Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.