Version 2.0: July 2014
This is a list of resources intended for Chief Information Security Officers (CISOs) and other security professionals new to their role in higher education. Recommendations are provided by members of the EDUCAUSE/Internet2 Higher Education Information Security Council (HEISC).
Are You the New CISO on Your Campus? A Few First Steps...
- Get to know your colleagues within the IT department, as well as key stakeholders across the institution.
- Do a quick assessment within the first 60 days to determine the status of the IT security department's existing services and activities.
- Find answers to questions in the Information Security Guide: Effective Practices and Solutions for Higher Education, a compendium of information providing guidance on effective approaches to the application of information security at institutions of higher education. (This handy infographic provides a quick overview of the chapters and where to find resources.)
- Connect with local peers. The EDUCAUSE Member Directory allows you to identify peers according to functional role (e.g., CISO), area of interest (e.g., Cybersecurity), or location. Complete your member profile now and start connecting with professionals in your area!
- Request a peer mentor or coach through our Mentoring Program for security professionals (visit our Mentoring Toolkit for details).
- View this 1-hour webinar, "Who Moved My Office? The Evolving Role of the CISO."
- Browse the resources available below.
Still haven't found what you need? Please contact us and we'll try to help!
EDUCAUSE Listservs: Join any of these community discussion groups and engage with a large network of professionals.
- Security Discussion List
- IdM Discussion List
- Policy Discussion List
- IT Communications Discussion List
- CIO Discussion List
- Interested in Cloud Computing, Data Administration, IT Accessibility, IT Architecture, IT Communications, Mobile Technologies, or Small Colleges? EDUCAUSE hosts other discussion lists, as well.
Note: If you prefer not to subscribe to these listservs, please keep in mind that the listserv archives are fully searchable and may provide valuable insights and prior discussions relating to current (or future) issues and concerns.
Association & Industry Listservs
- IAPP (International Association of Privacy Professionals) Privacy List (separate membership fee required)
- REN-ISAC (separate membership fee required)
- BugTraq
- PatchManagement.org
- RESNET-L
- US-CERT Mailing Lists and Feeds
Articles, Books, Magazines, & Newsletters: Recommended reading.
Articles
- "A New CISO's To-Do List: 'Make or Break' Actions for a Chief Information Security Officer's First Year" by Brian T. Nichols (Campus Technology, August 2006)
- "Keeping the Guard Up in a Down Economy: Investing in IT Security in Hard Times" by Brian D. Voss and Peter M. Siegel (EDUCAUSE Review, September/October 2009)
Books & Publications
- The Career of the IT Security Officer in Higher Education (an ECAR Occasional Paper) by Marilu Goodyear, Gail Salaway, Mark Nelson, Rodney Petersen, and Shannon Portillo
- Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI by Debra S. Herrmann
- Computer and Network Security in Higher Education edited by Mark Luker and Rodney Petersen
- Cultivating Careers: Professional Development for Campus IT edited by Cynthia Golden
- FERPA Guide and FERPA Quick Guide by LeRoy Rooker (AACRAO)
- IT Governance: How Top Performers Manage IT Decision Rights for Superior Results by Peter Weill and Jeanne Ross
- NIST Special Publications (800 series)
- Security Metrics: Replacing Fear, Uncertainty, and Doubt by Andrew Jaquith
Magazines & News Sources
- EDUCAUSE Review Online
- Computerworld Security News
- CSO (Chief Security Officer) Online Magazine
- IEEE Security & Privacy Magazine
- Information Security Magazine
- Network World Fusion
- SANS Internet Storm Center
- SC Magazine
- Security Magazine
- The Chronicle of Higher Education
- Inside Higher Ed
Newsletters
- EDUCAUSE Policy Digest
- Bruce Schneier's Crypto-Gram Newsletter
- CSO Online Newsletters
- IAPP Privacy News – The Daily Dashboard
- Microsoft Security Newsletter
- SANS Security Newsletters (NewsBites, @RISK, Ouch!)
Websites: Visit these sites for recommended resources and links to other websites commonly used by CISOs in higher education.
- Campus Computing Project
- Center for Internet Security (CIS)
- Council on CyberSecurity: Top 20 Critical Security Controls
  - Note: See how Virginia Tech is implementing the 20 critical controls as part of its overall security strategy in Randy Marchany's 2013 presentation, "The 20 Critical Controls: A Campus Security Strategy."
- Educational Security Incidents (ESI)
- EDUCAUSE Core Data Service (CDS)
- EDUCAUSE Cybersecurity Initiative & HEISC
- EDUCAUSE IAM (Identity and Access Management)
- EDUCAUSE Policy
- InCommon
- Internet2 Middleware
- Internet2 Security
Professional Development: Face-to-Face & Online Events.
- Security Professionals Conference
- Seminar on Establishing an Information Security Program (typically offered on an annual basis at the Security Professionals Conference).
- Additional EDUCAUSE professional development initiatives, including an annual conference, Connect events, special topic conferences, and institute programs for management and leadership development.
- Career Development for New and Aspiring CIOs (EDUCAUSE website)
- Internet2 offers a global summit, a technology exchange conference, and a variety of technical workshops.
- InCommon offers three different types of events for those who want to learn more about IAM-related issues: CAMP (Campus Architecture and Middleware Planning), Advance CAMP, and Day CAMP.
- EDUCAUSE Live! webinars (free)
- IAM Online webinars (free)
- EDUCAUSE Now Podcasts
Professional Organizations: Consider joining a professional organization. Many offer local chapters with frequent meetings that allow you to build a local network of security practitioners and experts.
- InfraGard
- ISACA
- (ISC)²
- ISSA (separate membership fee required)
- ISSA CISO Executive Forum (separate membership fee required)
Training & Certifications
- SANS Information Security Training
- Security Certification (CISSP, CERT, CISA, CISM, CompTIA, GIAC, etc.)
- Privacy Certification (IAPP offers certification programs and training for CIPP, CIPM, and CIPT)
Social Media: Stay informed by connecting with others via Twitter, Facebook, YouTube, or LinkedIn.
- EDUCAUSE Twitter page
- HEISC Facebook page
- HEISC Pinterest page
- HEISC Twitter page
- Security Awareness Video & Poster Contest Facebook page
- Security Awareness Video Contest YouTube page
- Internet2 Twitter page
- InCommon Facebook page
- Internet2 Facebook page
- LinkedIn (search for Groups like EDUCAUSE, Internet2, Higher Education Information Security, and Information Security Community)
Connecting with Campus Colleagues: It's crucial to continue developing relationships with as many people on your campus as possible.
- CIO
- CPO
- Risk
- Audit
- Compliance
- CFO
- Registrar
- Faculty/Researchers
- Students
Questions or comments? Contact us.
Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).