CISO Memo: A Busy Spring

David SherryThe semester has come to an end, and the university celebrated its 244th commencement last weekend. Now is the time for graduates to reflect back on their four years here on College Hill, and for me to look back on the ISG mission since our last newsletter.

In April we released the Policy on Handling Brown Restricted Information. This document was several years in the making, and passed the usual campus wide review and comment periods required of new technology policy. With regulatory and legal compliance measures that must be adhered, this policy (and its accompanying supporting documents) will enable to the university to comply with what is necessary, while also reducing risk.

The Data, Privacy and Records Management Steering Committee (“DPRM”) continues to provide value to Brown by addressing all the necessary areas relative to protecting information. The DPRM committee is close to unveiling a university-wide records retention schedule that covers all the areas needed to make informed decisions on the retention of records (both hard copy and electronic). Along with the University Archivist/Records Manager Jennifer Betts, I have been preparing for this roll-out by visiting with groups and speaking at university meetings. This document will answer a great many questions of the retention and disposal of Brown information and records.

Also, as you will read in another area of this newsletter, we will be strengthening our password rules beginning this summer. This is in anticipation of a new identity management system that will be in production in the fall.  While longer and stronger than what is currently required, this change is necessary for the university to establish federation certification, and to qualify for funding and grants that require higher levels of security.

Finally, I’ll be presenting on Staff Development Day with a presentation called “Security, Privacy and Passwords (oh my!)”.  Our personal and work lives are more and more becoming online in nature.  Increasingly, everything is becoming networked. We work, shop and play in the Cloud, and the data we share that’s collected (whether voluntary or not!) is creating huge profiles about us that is valuable to others. In this session, I’ll be discussing overall web security and privacy, tips and tools for meeting forthcoming password changes, and safe searching techniques.

As always, I welcome your comments and feedback. Please feel free to reach out to me directly at, or the group at Let me know how we are doing, areas of concern you may have, or questions on protecting your identity or personal computing security. And remember, sec_rity is not complete without U!