USC holds inaugural information security retreat
In recognition of National Cyber Security Awareness Month, USC sponsored its first annual information security retreat on Oct. 22. Hosted by the Office of Compliance and Information Technology Services (ITS), the all-day event drew more than 150 information technology (IT) leaders, university administrators and faculty members.
“Information technology is a powerful tool that aids our researchers, enables new pedagogies and inspires our students,” said Elizabeth Garrett, USC provost and senior vice president for academic affairs, during opening remarks. “As a major research university, we operate in a uniquely challenging security environment where our faculty and students expect our IT systems to be open and flexible.”
Garrett stressed that “we all must be proactive when it comes to information security. Responding to attacks and other incidents is a necessary duty, but I believe our collective goal should be to collaboratively plan and implement strategic design decisions and purchases that result in effective and secure IT systems.”
Laura LaCorte, associate senior vice president for compliance, and Ilee Rhimes, chief information officer and vice provost for ITS, outlined the main objectives of the retreat: to identify immediate security challenges and introduce new initiatives to address them in the short term; engage in a candid and thoughtful dialogue about long-term information security strategies; and bring together IT professionals, school and unit administrators, and central administrators to participate in a continuing conversation about USC’s IT and information security needs.
Throughout the day, USC speakers covered a range of security topics, including best practices for protecting the university’s network and sensitive data, third-party vendor management, and cloud-storage solutions.
Guest speakers at the retreat included FBI and U.S. Secret Service agents, who shared their perspectives on current threats to cyber security, and representatives from the auditing firm Ernst & Young.
Robert Lau, director of systems security for ITS; Howard Levy, associate senior vice president for audit services; and Maria Suarez, director of information security in the Office of Compliance, participated in a discussion about their respective roles in information security at the university.
Joseph Greenfield, lecturer in the USC Viterbi School of Engineering’s IT program, gave a presentation on the security challenges presented by students’ uses of mobile technology.
Russell Kaurloto, associate chief information officer for information technology at ITS, led a discussion with Lau and an Ernst & Young representative about best practices and future options for USC network security.
Derek Lazzaro, manager of academic initiatives and counsel for the Office of the Provost, facilitated a panel on third-party vendor management that included Suarez; John Parker, chief technology officer for the USC Dornsife College of Letters, Arts and Sciences; and Douglas Shook, dean of academic records and registrar and chief technology officer for enrollment services.
Samuel Gustman, chief technology officer for the USC Shoah Foundation Institute and associate dean for the USC Libraries, and Ernst & Young representatives discussed cloud storage and the USC Digital Repository.
Susan Metros, associate chief information officer for Technology-Enhanced Learning at ITS and associate vice provost, led a discussion about mobile devices and data security with Joshua Lee, chief information officer for the Health Sciences Campus, and Jason Martinez, director of information services at the USC School of Cinematic Arts.
At the close of the retreat, participants agreed to implement a number of measures to improve information security across the schools and units, and LaCorte and Rhimes established a framework for the development of the university’s information security strategy.