While security awareness activities are integral to mature information security programs, we need to find alternative training options that will combat "security fatigue" felt by many of today's end users.
BiographyJames Perry currently serves as Chief Information Security Officer (CISO) for the University of South Carolina. In this role, Perry is responsible for leading the information security and privacy functions at the university. Responsibilities include: managing information security and privacy compliance efforts; effectively communicating risk to senior university officials; developing, updating and maintaining information security and privacy policies; developing, implementing, and maintaining strategic information security and privacy programs; effective interaction with various departments, individuals and agencies across all levels of the enterprise; overseeing work assignments of the information security staff; maintaining relationships with local, state and federal law enforcement and other related government agencies; and overseeing a network of security directors and vendors who safeguard the University's assets, intellectual property and computer systems. Prior to his current role, Perry served in various IT leadership roles at the University of Tennessee System, including Interim Chief Information Officer, Executive Director of Systems, Associate CIO for Statewide Services, and Chief Information Security Officer. Prior to his time at UT, Perry spent 13 years as an IT consultant with a focus on small- to medium-size businesses. Perry holds an MBA from Tennessee Tech University and a B.S. in Business from Lee University. In addition, Perry has earned several industry certifications including the Certified Information Systems Security Professional (CISSP), GIAC Certified Forensic Analyst (GCFA), Cisco Certified Network Professional (CCNP), Check Point Certified Security Expert (CCSE), and the Certified HIPAA Security Specialist (CHSS) among others. Perry is a husband, father of 3, and accomplished barbecue judge.
IT governance is an essential organizational process that allows an organization to successfully realize its IT strategy. Establishing a higher education institutional IT governance program doesn’t have to be cumbersome, but the importance of thoughtful design should not be underestimated. This document provides a high-level checklist of the items to consider when creating an IT governance program.