[unisog] Who do you guys report to?

Martin, James E. martin at more.net
Thu Aug 23 14:10:23 GMT 2001

Agreed. I'm one of the split reporters, until September 1, when I convert to
Level 2 only. That conversion is taking place roughly 3.5 years after
Security was formally created as a working group, for those interested in

I have no *authority* to report to our Audit department. That's never
stopped me from having a good informal working relationship with them -
they're one of my primary allies in policy setting. 


University of Missouri System

-----Original Message-----
From: Mr Christian Wilson [mailto:Christian.Wilson at its.monash.edu.au]
Sent: Wednesday, August 22, 2001 6:02 PM
To: Mr Christian Wilson
Cc: unisog at sans.org
Subject: Re: [unisog] Who do you guys report to?

Hi Again!

I did mean to summarise these results a long time ago, but I have now so
that's good :-)

33 people replied to my little survey.

In general terms:

0 were reporting to category 1
13 were category 2
20 were category 3

A number of the people in category 3 said that they believed they should
be reporting to category 2. It was also interesting as a number of people
also officially report to category 3, but for the important security issues
they end up reporting to category 2. (This is also my situation as well).

I guess I was suprised that no one was reporting to the Audit and Risk
management section, they're another group in my University which I do
work really closely with, and that is useful because we often work together
and audit various aspects of the University IT environment. In one of the
latest issues that I'm dealing with, I've found them useful in helping me
point out risks to other bits of senior management.


On Fri, Aug 03, 2001 at 11:46:22PM +1000, Mr Christian Wilson wrote:
> Hi,
> I am curious as to who you various University IT Security
> people with IT security responsibilities report to.
> Is it...
> 1. The Audit and Risk Management department in your University?
> 2. The Head of your Information Technology Unit/Division?
> 3. Someone underneath #2?
> If you send me replies directly then I'll summarise to the group after
> a week or so. I am currently reporting to #3 in the scenarios described
> above, and I feel that it needs to be higher up in the organisation in
> to produce effective results. I'm interested in seeing how it works at
> Universities so I can compare where I'm at to where you guys are at and
> make a possible proposition.
> All replies gratefully appreciated.
Christian Wilson
IT Security Manager, Infrastructure Services
Information Technology Services, Monash University - Clayton
Phone: +61 3 990 51187

More information about the unisog mailing list