Benchmarking cybersecurity at Canadian universities
Brian Lesser
Ryerson University
Brian chairs the benchmarking committee and is Ryerson University’s Chief Information Officer (CIO). Since 1995, Brian has held several positions in Computing and Communications Services including manager, academic computing, and assistant director, application development and support. Brian helped lead Ryerson’s move to Google Apps for Education and the renewal of the university’s online learning tools. He helped develop Ryerson’s first identity management system, establish Ryerson’s e-learning support team and is a founding member of Ryerson’s DMZ steering committee.
Abstract
Early this year 37 Canadian universities began CUCCIO’s first attempt at cybersecurity benchmarking. A large working group was struck and we started to work with Bitsight, a cybersecurity rating service. Bitsight provides overall security ratings, grades for things like patching cadence, file sharing, and botnet infections, as well as detailed forensics. From their data we can already see that larger and more complex universities have lower or “basic” security ratings, very few universities have “intermediate” ratings, and none have achieved an “advanced” rating. Of course we’ve started out with many questions. Are these ratings relevant to universities? Do larger and more complex universities have to work a lot harder at security? Is it possible for any university to achieve an advanced rating? What other information should we gather and how will all this help us develop better security practices?
This panel will explore some of the detailed results from our benchmarking work. We hope by the time of the panel to be able to discuss some ideas about best practices for improving the security posture of different types of universities from primarily undergraduate through comprehensive to research intensive. To start the conversation there will be a brief presentation by the panelists of our observations to date. Warning: we have just started this journey and there may be a lively debate about the results so far.
The panel will include at least one CIO and CISO as well as other members of the CUCCIO cybersecurity benchmarking working group. The panel may range in size from 4 to 6.
Authors
Brian Lesser
(Ryerson University)
Topic Area
Security: Other
Session
D2-S5-01 » Tuesday Session 5 - 1 (15:30 - Tuesday, 19th June, DFA)