1. Address the Technical and Cultural Aspects of Centralizing
The shift to centralization raises questions for IT teams: How should they standardize their tools and processes? Will employees need training on security solutions? Are networks segmented appropriately? Many institutions are adopting integrated platforms that offer better anomaly detection, faster response times and other advanced capabilities.
The bigger hurdle is often cultural. When longtime users are comfortable with the tools they have, they may resist learning something new. One way to ease the transition is through messaging that resonates emotionally. For example, many users are more motivated to protect their personal information than institutional data. Tapping into these concerns may be more effective than focusing on compliance requirements.
EXPLORE: Learn how to execute an incident response plan.
2. Balance Regulatory and Security Priorities
Many universities have extremely complex regulatory environments. If there is a cybersecurity regulation, higher education institutions are likely to be exposed to it. However, many of these regulations conflict with and even contradict one another. Campus security teams must rely on tools that enable network segmentation within a centralized environment.
Another challenge is the mismatch between regulatory and operational concerns. Security teams that are centralizing security must be aware of these disparate priorities and strike the proper balance among them.
3. Engage Leadership for Security Accountability
Institutions rethinking their approach to security should ensure there is accountability among institutional leadership. While security teams are responsible for ensuring security processes are effective, leaders must be aware of how budgeting, staffing and other decisions can affect risk management. Tabletop exercises and similar practices are an excellent way for executives to understand the implications of their decisions from a risk management perspective.
