According to Provost and Executive Vice President Nick Jones, the new office is distinct and separate from Information Technology Services but will include one of its former components, Security Operations and Services. It will initially be helmed by College of Information Sciences and Technology Dean Andrew Sears while Penn State looks for a permanent chief information security officer.
“In establishing the Office of Information Security, Penn State consulted with a number of constituent groups from within the university, as well as outside experts, and looked carefully at the best practices not only in higher education, but in government and private industry,” Jones said in a release. “Large organizations such as universities, government entities and corporations — which are inviting targets for malicious attacks — have begun separating their security efforts because information security is so vital to the organization as a whole. In today’s world, information security is no longer the sole purview of IT — it permeates every facet of a university, a company, organization or institution.”
The move comes after the university announced data breaches twice this year. In May, Penn State confirmed two attacks over the course of several years in the College of Engineering. In June, another breach, of the College of the Liberal Arts, was announced.
“Penn State has always taken information security very seriously and we are constantly looking at new approaches, technologies, etc. to keep our network infrastructure, data and people safe from potential cyberattack. The formation of this new office was not a direct reaction to the breaches announced earlier this year, but rather, part of a continuous effort to better secure the entire university,” Jones said.
“This is something on which we were consulting with outside experts and internal constituents both before and during the responses to the announced breaches. Making this office separate from Information Technology Services not only gives the Information Security Office the ability to more effectively respond to threats, but also signals to everyone how critical information security is across the entire university, and that information security is indeed more than just an IT issue.”
According to statistics released by the university in June, Penn State was the target of 22 million hostile cyberattacks per day this year. The attacks came from around the world. The College of Engineering breaches were traced to China. The Liberal Arts attackers were not identified.
“This is an important step for Penn State. Increasingly, organizations are recognizing the importance of having an office that focuses on information security, which is independent of the group responsible for running the computing infrastructure. By establishing an independent office, Penn State is better positioned to respond to the increasingly complex challenge of protecting information that has been entrusted to the university. This also highlights the importance of these issues while emphasizing that this is not just an IT problem,” Sears said.
©2015 the Centre Daily Times (State College, Pa.) Distributed by Tribune Content Agency, LLC.
