A common challenge we are seeing across higher ed, especially in the COVID-19 era, is that institutions are under-resourced when it comes to dedicated IT security leadership. Most institutions have CTOs and/or CIOs, but these people already have full-time jobs and are busier than ever managing the increased demands of remote environments. They need someone focused on data security, but too often they must delegate responsibility to a system manager or similar resource. That is very often not adequate support to maintain data security.
The truth is, a trained Chief Information Security Officer (CISO) is the best option. This is someone who is dedicated to the task of data security and compliance and who continually keeps up with their certifications. A really strong CISO will do security assessments, make recommendations, implement best practices and procedures, develop risk registers, and map IT in line with regulations. Most of these individuals are Certified Information Systems Security Professionals (CISSPs) and many have additional certifications, including:
- Masters of Information Technology, core in Information Security
- Bachelors of Science in Computer Networks and Cybersecurity
- Certified Information Security Manager (CISM)
- Certified Information System Auditor (CISA)
- Certified Ethical Hacker (CEH)
Having a CISO really gets you ahead of the challenge with a structured approach. A full-time CISO can be expensive, especially for small- and medium-sized institutions. CAG offers a “fractional” or “virtual” CISO service. Our CISOs embed right into campus organizations and report directly to the campus CTO. And because they’re fractional, campuses only consume what they need, so they are getting all the benefits of a CISO at a fraction of the cost. Learnings are shared across our client institutions, adding value and perspective to all of our clients and shortening their learning curve.
For more information on our virtual CISO, vulnerability assessments, or regulatory and compliance audits, please contact email@example.com.