|
|
|
|
|
|
|
|
|
|
Home » About Norwich » SGS Today »
News Article
Brian Kelly discusses "phishing," a common identity theft tactic, at a security awareness seminar [photo courtesy of Brian Kelly].
Information assurance graduate honored for efforts to protect university's information
by Benjamin J. Newell, staff
© Sept. 18, 2009 Norwich University Office of Communications
Of all the places to try and promote information security, a university may be one of the most difficult.
"A university setting can be very difficult because there are so many constituencies [such as faculty, staff and students] and each constituency has different objectives," said Peter Stephenson, chief information security officer (CISO) at Norwich University and a professor in Norwich's Master of Science in Information Assurance (MSIA) program.
"The job of the CISO is to keep university information safe, and each constituency has its own types of information and needs," Stephenson added.
For example, the school has administrative data that by law must be protected. Faculty members often have research data that needs to be shared with selective people or groups in the academic community, but which needs to be protected from unauthorized access. Students, of course, have a mix of school and entertainment data like gaming software, photos and music.
So it was no small feat for Brian Kelly, a 2005 MSIA graduate and director of information security and network operations at Quinnipiac University in Hamden, Conn., to receive a nomination for Information Security Executive of the Year for the Northeast by the leadership-recognition group Executive Alliance. He was one of 16 nominees for the award, presented on Sept. 10, 2009, in New York City.
"My daily responsibilities include all things pertaining to information security, from writing policy to monitoring the intrusion prevention system to firewall administration," said Kelly.
University students and staff are not security averse; they often just don't know much about it, he said. In addition to the technical aspects of his job, Kelly spends a lot of time engaged in education and security awareness initiatives.
"When students hear 'Back up your data so you don't lose your important files,' the message doesn't always sink in," said Kelly. "But when you say 'Back up your data or you may lose your photos or your music,' suddenly they realize that security is about protecting something important to them."
Communication is an essential part of any information assurance professional's job. This is something the MSIA program stresses to its students, and is one reason the program requires a lot of writing.
|
|
| |
“[Kelly] is an excellent example of the balance between the security-related skills and the management skills needed to do information assurance well.”
— Dr. Peter Stephenson |
|
|
"The MSIA program was a reading and writing marathon," said Kelly. "Writing for a new professor every seminar was like writing for a new boss—it had the benefit of forcing you to learn to adapt your writing to a new audience."
Kelly said that before the program, his policy prose was "pretty wooden." He learned to tailor his writing to an audience, especially to a nontechnical audience like students and school management.
"Brian is an absolutely excellent representative of our MSIA program," said Stephenson, who had the opportunity to work with Kelly at Combined Endeavor, a multinational communications exercise sponsored by NATO's Partnership for Peace program, in Baumholder, Germany in 2007.
Stephenson attended Combined Endeavor with a group of Norwich undergraduates whose job that year was to manage the intrusion detection system for the exercise's entire network. Kelly, who is also a communication officer with the 102nd Information Warfare Squadron of the Rhode Island Air National Guard, was there to analyze all of the system's data.
According to Stephenson, Kelly had a great understanding of the problems presented to them and the solutions to those problems. It's a skill he's carried with him to Quinnipiac.
"He's an excellent example of the balance between the security-related skills and the management skills needed to do information assurance well," said Stephenson.
Stephenson describes an information security officer's job as a constant balancing act, and noted that working out compromises between conflicting groups of people can be the biggest challenge.
"It's a little bit like a Detroit union negotiation," he said. "In the end, every party will leave upset about something, but they will all be equally upset."
|
|
|
|
|
|
|
|
|
|
Norwich University - School of Graduate Studies
|
Admissions: 1-800-460-5597
|
|
|
|
|
|
|
|
