Presentation Notes: Securing the Enterprise Beyond Information Protection (Mark Silver)

Great Lakes IT Leadership Forum

  • Not everything is under one roof: security at the time of distributed computing
  • What are the ethics and the morality to make decisions - interactions? Where does the data sit and who has the control of it?
  • IT security --> Digital security --> Digital Risk
  • Cyber security is data and software oriented - digital security includes hardware, firmware, platform...
  • Adaptive architecture and effective governance
    • architecture: predict, prevent, detect, respond
    • governance: risk management, organization, people
  • Line of sight: strategic direction, tactical business processes, risks associated with the business processes and controls put in place - IT engagement with the business: Management Strategic Intent (Information Security Policies do influence strategic direction of the organization)
  • Identity and Access Management in an environment where we don’t have authority or control
  • Understanding cyber interaction with physical world
  • What do we do with the artificial systems that generate their own data
    • how do we classify it?
    • how does security influence our business?
    • how do embedded systems change the way we do things? self-healing networks?
      • neural networks, AI systems: what happens if some foreign power(s) influence the workflow, or generate the data for your system?
  • value of digital risk and security
    • everyone thinks we need some controls - how much is enough?
    • value in the context of our mission
  • Context of trust (system works as expected) and resilience (ability to recover) to maintain privacy, safety and risk management
    • Data: confidentiality, integrity, availability
    • People/Environment: privacy, safety, reliability
    • Combination of people, process and systems
    • SIPOC: supply / input / process / output / customer

Questions

  • Q: Risk tolerance questions: experimentation that drives the risk is occurring - alignment between accountability and where the action is taking place
    • Enterprise systemic risk management
  • Q: what is the organizational risk tolerance
    • depending on culture what is the tolerance for failure and acceptance of the risk associated with that (example Google)
    • what types of risk are you ready to accept (or not)
  • Q: Risk of the technology and AI - should we be afraid?
    • Asimov: laws of robotics - we in higher ed are in the unique position to lead and cannot be bystanders
    • Understanding the implications for the organization
    • Should not be afraid - engage with the research
    • Open vs. closed environment and the right fit