Improving cybersecurity practices

Improving cybersecurity practices from the classroom to the boardroom

How colleges and universities can engage and educate all campus stakeholders about infosec.

Key takeaways

  • Good cybersecurity governance isn’t just about technology—it’s about people and processes, too
  • Everyone on campus, from students to board members, needs infosec training and education
  • When engaging campus leadership, a focus on incident response is as important as prevention

Dave Swartz, Vice President and Chief Information Officer, American University 

The first thing to know about cybersecurity is it's more than technology. It includes people and process. And this broader area of people and process we refer to as cybersecurity governance.  

We really need to be looking at all aspects or dimensions of the challenge really, not just dealing with the technology but the challenge with people. One of our vulnerabilities today is the lack of awareness and knowledge of our people. So, we do focus a lot, not just on providing training to them, but we also provide an active learning environment where we actually simulate intrusions through pen tests and what we call blue and red teams.  

But we also do active phishing. So, we actually phish our staff, faculty, and some students. And if they fall for the phish, then we get them directly into a training program that makes them less prone to that kind of social engineering.  

We also are focused on issues of governance, which means we have to engage our leadership and our board and not just focus on prevention but incident response. So how do we respond to an incident? Can we do it properly and do it quickly? And that's almost as important as dealing with the prevention side.  

Our board, like many boards, has a diversity of expertise. So, we had to raise the bar on their understanding. The way to do that is to approach it, not as a technical training exercise, but as one that engages them around the language of risk and the business value of your investment in cybersecurity.  

We did it through case studies where we looked at problems other universities had and what we could learn from that experience. And we also engaged the board members in what they could share from their own experiences. The key thing, I think, is about engagement and keeping them abreast of our progress and where we are. 

Topic
Data Security

Products & Services

Managed Services

Strengthen your strategy and execution for improved institutional performance.

Read More
Enterprise Resource Planning & Student Information Systems

Improve efficiencies, stay informed, and deliver a great constituent experience.

Read More
Ellucian Cloud

Say hello to the cloud built for higher education. Ellucian Cloud Solutions and Services are designed specifically to help higher education institutions modernize their systems without disruption to help you solve our toughest challenges.

Read More

Stay Up To Speed

Insights - Infosec tips
Spotlight
Infosec tips for higher education

Learn the top six security threats to college campuses and what steps you can take to mitigate the risk. 

Dive Deeper
Get Ahead

Get Started Today

 Connect with us
 Schedule a demo
Home Close