Security Lessons at Northwestern

To deal with a network security breach before or after it happens, it pays to consider all the possibilities, communicate quickly and effectively, and always be prepared... because it could happen to anyone. Those were among the conclusions shared at the recent "Lessons Learned from Information Security Incidents" presentation, sponsored by NUIT and hosted by David Kovarik, director of NUIT Information and Systems Security/Compliance. Nearly 100 technology staff attended the presentation at locations on both campuses.

"Lessons Learned" focused on significant security-related incidents at Northwestern during the past year. Key staff from areas within the University with firsthand experience recounted what led up to these incidents, strategies for dealing with them, and how problems were resolved.

Kovarik discussed opportunities for improvement, plans to prevent recurrences, and department-level recommendations including establishment of a communication plan, documentation of procedures and events, and timely follow-up with appropriate personnel. He also outlined major security-related initiatives being implemented by NUIT, including the establishment of an Information Security Advisory Committee with members from key NU schools and departments, and a University-wide Information Security Coordinators network whose members have responsibility for security within their respective schools or departments.

If you are interested in having David Kovarik speak about security concerns at your faculty or staff meeting, please contact him at 7-5930 or <david-kovarik@northwestern.edu>.