1 / 19

Eight Schools Information Security Policies: The Process at Hotchkiss

Eight Schools Information Security Policies: The Process at Hotchkiss. Information Security…. …not an entirely new idea. Hotchkiss Strategic Technology Plan. Developed May 2007 through February 2008 by a twenty-member broad-based committee

aurek
Download Presentation

Eight Schools Information Security Policies: The Process at Hotchkiss

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Eight Schools Information Security Policies:The Process at Hotchkiss

  2. Information Security…

  3. …not an entirely new idea.

  4. Hotchkiss Strategic Technology Plan • Developed May 2007 through February 2008 by a twenty-member broad-based committee • Comprehensive plan covers academic and administrative technologies

  5. Hotchkiss Strategic Technology Plan • Resulted in action-oriented goals and detailed action plans • After adoption, a workgroup was assigned to begin work on administrative objectives

  6. Progression of Work Information Security Policy Project Administrative Technology Workgroup Educational/Instructional Technologies Administrative Technology Strategic Technology Plan

  7. Administrative Technology Workgroup • Surveyed all departments • Identified systems that process data • Created comprehensive systems list • Diagrammed system and data overviews • Once background work was completed, workgroup evolved into Data Committee Committee work began before the Eight Schools initiative, but helped to identify information security needs and to inform the process for Hotchkiss

  8. Application List

  9. Responsibilities for Information Security Project • There is no dedicated information security officer • Information Technology Governance Council • School leaders and IT Director • General IT governance and strategic oversight • Information Security Steering Committee • CFO, Dean of Faculty, HR Director, IT Operations Manager, IT Director • Provides oversight for this process

  10. Responsibilities • Data Committee • Moving forward with recommendations from Administrative Technology Workgroup • Oversee identification and classification of data • Key role in rollout of information security policies • HR Director and Dean of Faculty • Communicate and enforce policies with Staff and Faculty • IT Department • Implementation of technology solutions

  11. Process • Kick-off call with Information Security Steering Committee • FishNet overview • Review charter • Discuss site visit and responsibilities • Charter review • Steering committee • Key members of ITS and other departments

  12. Process • Gathered and shared existing policies and documentation • FishNet site visit • Information gathering and discussion of the process • Met with several groups of stakeholders • Alumni and Development • Information Technology • Health Services • Business Office • Data Committee • Admissions • Human Resources • Communications • Security • Deans

  13. Process • FishNet creates draft policies, solicits feedback per schedule • IT Director shares preliminary policies among groups as appropriate and seeks feedback • Feedback communicated via Eight Schools SharePoint Site and weekly status calls

  14. Implementation • IT will address technical aspects, but this is more than an IT initiative • CFO will address Business Office requirements • Human Resources will address components, and communicate policies to Staff • Dean of Faculty will address components and communicate policies to Faculty

  15. Some Challenges • Enlisting Involvement outside of IT – “It’s an IT issue.” • Consistency of Eight School policies with existing Hotchkiss policies (Red Flag, AUP, etc.) • Differing timelines and priorities among Eight Schools • Information overload and implementation concerns • Large number of drafts to review (charter, policies) • Sixteen policies to implement; some may already exist, many do not

  16. Summary • Technology Planning process was critical for Hotchkiss • Responsibilities are distributed • Implementation may be intimidating, but will be achieved methodically • Consortium work added tremendous value to policy development process There are challenges, but the process is valuable and the policies are essential

More Related