Cybersecurity is complicated.
Often, it leaves college administrators feeling fuzzy and creates blurred lines between IT and IS- that is, information security.
At EDUCAUSE‘s “Steps Needed to Make Your University Cybersecure,” Paul Jeffreys cleared the air regarding the layers of cybersecurity.
He says the top peel of a college’s cybersecurity entails establishing information security management systems (ISMS), which he defines as the “policies, procedures, guidelines, and associated resources…collectively managed by an organization…based upon risk assessment.”
He also says that ISMS should be utilized proportionately to ensure that the college’s assets are protected and available. That way, ISMS can help a college decide where priorities need to be set regarding cybersecurity, and can help identify potential risks.
“Availability [of ISMS] is important in a university,” says Jeffreys, Director of IT Risk Management at the University of Oxford. “If the assets are unavailable, then the university suffers an enormous loss. The integrity [is risked] and the data is not accurate.”
From there, colleges can dig down the other layers of their ISMS. The layers include: the real world, network, information, personal access, people and social.
Jeffreys says that help from the higher-ups within a college or university will help maintain a proportionate level of cybersecurity in each layer.
“The essential bit is governance and leadership,” he says. “It’s the thing that makes it all work. Everything [will] align when you have people in these roles engaged.”
Jeffreys also says that even though handling each layer similarly is difficult, proportionate treatment is necessary to make sure a college’s information security is in the right hands, and safely available for the rest of the campus.
“It’s not just making sure the right person is getting it,” he says. “It’s also about making sure [the information] is available when you need it, and that the integrity is good.”