UA CISO Speaks at National Cybersecurity Summit
The human factor in information security. Protecting information in government-funded research. Hiring and retaining cybersecurity talent. These are some of the top University of Arizona information security challenges, but UA chief information security officer (CISO) Lanita Collette recently discovered they are shared throughout the public and private sectors, too.
Collette spoke on a CISO panel at the Gartner Security and Risk Summit in Washington, DC, on June 13. Her fellow panelists included Chris Wlaschin, from the Department of Health and Human Services, Bob Jamieson, from Mallinckrodt Pharmaceutics, and Robert Daugherty, from Cobham Advanced Electronic Solutions. As they discussed their topic of Top Security & Risk Management Priorities, they discovered many commonalities despite the different focuses of their organizations.
“As a Tier 1 research institution,” Collette recounts, “the ability to meet NIST 800-171 requirements is critical for our research population and is driving the development of our campus Controlled Unclassified Information infrastructure. But despite our diverse missions, two out of the other three organizations on the panel are also using NIST guidelines to frame their security programs.”
On the topic of hiring staff, Collette felt she had an edge over her peers. “One of our greatest advantages in hiring information security personnel is that UA is growing great talent through our programs.” These programs include the Eller College of Management’s BSBA with an Enterprise Security Certificate and their MIS in Cybersecurity. The MIS program is ranked #4 nationally by U.S. News and World Report. Additionally, UA South offers a BAS in Cyber Operations.
One of the areas Collette said that all the CISOs were focused on is framing highly technical security needs in the language of business, in order to facilitate board communication and attain leadership buy-in. Cybersecurity is essentially a risk management practice, and helping leadership understand the risk landscape enables them to make appropriate and cost-effective decisions for cybersecurity investments.
Overall, the gathering of information security professionals provided Collette and the other attendees affirmation that there are common challenges in cybersecurity across sectors, and that chief information security officers across the spectrum are finding similar ways to respond to them. The sharing of information, experiences, and best practices help all institutions secure their information.