Cyber security is on the radar of Australian universities and government alike, as rates of breaches continue to increase and state-ordered attacks become more common.
Dr Elizabeth Valentine, Chief Information Officer of New Zealand’s Massey University, believes the biggest threats to universities in the ANZ region are already well-known.
“The top risks for Higher Education in NZ and AU include phishing, social media harassment, ransomware, IP theft (piracy), account hacking, credit card fraud and denial of service attacks,” Dr Valentine said.
“In addition, lack of digital capability and IT governance competency adds to risk or poor decision-making and change leadership.”
IT security governance should not be confused with IT security management. IT governance provides the accountability framework and oversight to ensure risks are managed while management ensures controls are implemented.
As Dr Valentine explains, “Capability in all three areas of IT governance (below) helps to ensure the board and executive meet their duty of care responsibilities (to be competent to govern in a digital world).”
The potential repercussions for ineffective governance are to be taken seriously; “prosecution for breach of duty of care for poor or inadequate responses to security breaches” and “reputational damage leading to potentially significant financial and competitive damage.”
According to her research, Dr Valentine says there are three areas of IT governance competency that all board and senior team members need:
- “Leading I&T enabled strategy and performance. This capability includes leadership from the board in aligning I&T as part of overall strategy, planning and change to improve performance
- “Governing I&T risk and conformance. This covers board oversight of a wide range of areas of I&T risk and compliance. These include: disruption and competitive I&T use, information security, business continuity, IT-infrastructure and reputational risk
- “Directing value creation. This capability includes understanding digital disruption and innovating to create value.”
Currently CIO at Massey University, Dr Elizabeth Valentine is also an experienced CEO and company director. Her consulting business and recent studies focus on digital transformation and leadership and governance in a digital world.
Hear directly from Dr Valentine at the Cyber Security for Higher Education conference where she will discuss what boards and senior executives need to know and do about cyber security governance.
Being held in Sydney from 24 – 25 March, the event focuses on improving human resilience to cyber attacks and implementing better solutions against the latest cyber threats. Disrupt traditional thinking, challenge the status quo and arm yourself with knowledge to prepare for what’s to come.