
The CISO as a Shared Resource: Maximizing Efficiency and Collaboration

Learn about the successful implementation of a shared CISO model at Franklin & Marshall College and Susquehanna University, including the benefits, challenges, and shared priorities. Discover how this model promotes cost-efficiency, collaboration, and actionable risk mitigation.

bartos


Presentation Transcript


  1. The CISO as a Shared Resource

  2. Introductions • Alan Bowen, CISO, Franklin & Marshall College and Susquehanna University • Carrie Rampp, Vice President and CIO, Franklin & Marshall College • Mark Huber, CIO, Susquehanna University

  3. Franklin & Marshall College

  4. Susquehanna University

  5. History of Consortium • 2013-2016 Franklin & Marshall College, Susquehanna University, and Bucknell • Policy focus at Franklin & Marshall • Low-hanging fruit at Susquehanna • 2017-present Franklin & Marshall, Susquehanna • Renewable 3-year memo of understanding • Employer of record • Liability coverage related to work being performed or physical location, including travel • Confidentiality • Any party can terminate the agreement, no preclusion for future single employer agreement • Other shared services and collaboration

  6. How the model works

  7. Merits of a shared CISO model

  8. Susquehanna Initial Drivers • Cost driven • Efficiencies • Economies of scale • Actionable risk mitigation • Security by committee wasn’t working

  9. Franklin & Marshall Initial Drivers • Cost driven • Collaboration • Grow trust • Change campus culture

  10. View from the CISO

  11. Challenges • Cultural differences • IT strategies • IT organizational differences

  12. Logistics

  13. InfoSec priorities and contemporaneous projects • Policies • InfoSec Program • Controls framework

  14. InfoSec Program Components

  15. Security Controls Slide intentionally blank

  16. Security Controls Slide intentionally blank

  17. Shared priorities and contemporaneous projects • Incident response • Vulnerability management • Cloud vendor assessment tool • Compliance • PCI, GDPR, GLBA

  18. Shared priorities and contemporaneous projects

  19. Consortial Unintended Benefits • Non-InfoSec collaboration • Co-location • Shared knowledge & experiences • Technological collaboration and alignment opportunities • Coop-etition

  20. Keys to entry • Physical engagement • Perception of role/need • Business case • Commitment • CFO/CBO support • Employment strategy • Similar capability maturity • Trust relationship

  21. Q & A • Carrie Rampp, Vice President and CIO, Franklin and Marshall College

  22. Carrie Rampp Vice President and CIO Franklin and Marshall College
