This article has been indexed from The Duo Blog
When a security leader creates a security program, conventional wisdom says that they should align that program to the institution’s mission. That the purpose of security is to “enable the business” — which for higher education means supporting teaching, learning, research, and operational efficiencies. I would suggest that the purpose of security is beyond even these lofty objectives.
Security exists not for security’s sake, but so the community can trust what our institution does, and how we do it.
According to CIO.com, trust and transparency “are presenting as the new first-class differentiators, with experience, engagement, price and quality all now settling in as second class.”
What does transparency look like in higher education?
- We are up front about what data we collect, what we do with it, and how we keep it.
- We give our community of faculty, staff and students as much control over the technology they use and the data they manage as possible, while ensuring careful handling of other people’s information.
- Our institutional review boards ensure technology, data ethics and security are included in their considerations of appropriate research methodologies.
- Considerations of privacy, security and data management are included in all business processes and operational expenditures.
Trusting Our Institutions
So how do we know when our institutions are trustworthy? It is the same as evaluating people. We trust people when they are honest, reliable and accountable for their behavior. When we manage systems and information on behalf of an institution, the way we do it reflects on the values of the institution. Do we transparently share our data handling, privacy, and security policies? Do faculty and staff hold themselves and others accountable for doing their work well, maintaining confidentiality and appropriate use of data? Do they take ownership when things go wrong?
Trust is neither binary nor permanent. Who we trust, and how much, and how long, depends on context. Higher education institutions may want to be trusted, but it’s easy to lose the trust of our community if our systems fail or our information is incorrect. We may
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: Trusting Remote Work Security in Higher Education