A common challenge we are seeing across higher ed, especially in the COVID-19 era, is that institutions are under-resourced when it comes to dedicated IT security leadership. Most institutions have CTOs and/or CIOs, but these people already have full-time jobs and are busier than ever managing the increased demands of remote environments. They need someone focused on data security, but too often they must delegate responsibility to a system manager or similar resource. That is very often not adequate support to maintain data security.
The truth is, a trained Chief Information Security Officer (CISO) is the best option. This is someone who is dedicated to the task of data security and compliance and who continually keeps up with their certifications. A really strong CISO will do security assessments, make recommendations, implement best practices and procedures, develop risk registers, and map IT in line with regulations. Most of these individuals are Certified Information Systems Security Professionals (CISSPs) and many have additional certifications, including:
- Masters of Information Technology, core in Information Security
- Bachelors of Science in Computer Networks and Cybersecurity
- Certified Information Security Manager (CISM)
- Certified Information System Auditor (CISA)
- Certified Ethical Hacker (CEH)