Gary Gaskell et al

Security policy insights in the university sector

Gary Gaskell, Adrian Tarca, Dianna Madden, Franz Eilert and Kent Adams

The purposes and presentation of security policies have changed from a thick manual of rules two decades ago. This presentation will describe how a University gained widespread buyin for a revamped set of security policies and procedures.

Universities have a diverse set of stakeholder interests ranging from corporate expectations, lecturers, researchers (developing high value intellectual property) and even sensitive personal records within medical practices. A recent process to update a University’s security policies and processes included these diverse stakeholders and structured the components of the policy framework to deliver business benefits and avoid the typical power/control politics that often plague security policy changes and adoption.

The presentation will describe how JCU structured their security policy framework and managed their policy development process to obtain wide support.

'The project team successfully delivered the JCU Information Security Policy Framework, Policies and Guidelines Project.
The team of domain expert consultants and JCU staff undertook an institution wide review and implementation of
improved of information security.

Gary Gaskell is a security risk management specialist with 20 years in the information security field. His background is a technologist in development and system/network administration who now focuses on improving the management of security and IT risks. He holds an M App Sc (research), B Eng, B IT, CISSP, CISM, CISA, and SBCI. Gary worked in the tertiary sector for 7 years.

Franz Eilert is project director and information security consultant with extensive experience across multiple sectors and primarily focusing in the higher education environment in the past 10 years. He has 25 years experience in Information Technology recently focusing in the development of innovative large data projects that will transform business models.

Adrian Tarca is the information security policy officer at JCU with extensive hands on experience in delivering enterprise level technological security solutions.

Dianna Madden was the key interface between the project team and the organisation. Her duties involved educating decision-makers regarding policy creation, facilitating the revision of existing policies to meet guidelines and providing advice regarding best practices.

Kent Adams was the Information Technology Director at JCU. Kent saw the need for consistent information security policies that deliver positive business outcomes by providing the business with a consistent framework for risk management which aligned with the corporate appetite for risk. Kent has retired.