Penn State establishes Office of Information Security

UNIVERSITY PARK, Pa. -- As part of ongoing efforts to fortify Penn State’s network infrastructure, data and people from potential cyberattack, the University announced today (Sept. 11) the establishment of a new Office of Information Security.

Nicholas P. Jones, executive vice president and provost at Penn State, said the new office will be a separate unit from the University’s Information Technology Services (ITS) and will include Security Operations and Services (SOS), formerly part of ITS.

Andrew Sears, dean of the College of Information Sciences and Technology, has been designated as the interim chief information security officer (CISO), heading up the office as a national search begins for a permanent CISO. The CISO will dual report to the provost and to David Gray, senior vice president for finance and business.

“In establishing the Office of Information Security, Penn State consulted with a number of constituent groups from within the University, as well as outside experts, and looked carefully at the best practices not only in higher education, but in government and private industry,” Jones said. “Large organizations such as universities, government entities and corporations – which are inviting targets for malicious attacks – have begun separating their security efforts because information security is so vital to the organization as a whole. In today’s world, information security is no longer the sole purview of IT — it permeates every facet of a university, a company, organization or institution.”

On an average day, Penn State repels millions of overtly hostile cyberattacks from around the world against its network infrastructure.

“Integrating the expertise of the SOS staff quickly establishes a very solid foundation on which the Office of Information Security can build,” Jones said. “We envision that the Office of Information Security will work closely with and leverage the extensive experience that exists across the entire University. This office will work in partnership with ITS and directly with all other IT units across the institution.”

Sears said, “This is an important step for Penn State. Increasingly, organizations are recognizing the importance of having an office that focuses on information security which is independent of the group responsible for running the computing infrastructure. By establishing an independent office, Penn State is better positioned to respond to the increasingly complex challenge of protecting information that has been entrusted to the University. This also highlights the importance of these issues while emphasizing that this is not just an IT problem.”

Before coming to Penn State, Sears served as the dean of the B. Thomas Golisano College of Computing and Information Sciences at the Rochester Institute of Technology (RIT).

At RIT, he founded the first academic department in the United States dedicated exclusively to computing security. Sears was also among the attendees at the White House Summit on Cybersecurity and Consumer Protection earlier this year where President Barack Obama signed an executive order to promote information sharing about cyber threats.

Jones said, “This is part of our continuing efforts to show that Penn State takes information security very, very seriously. This is the reality of the world we live in today. We believe the establishment of this office will better serve Penn State’s security needs in the years ahead.”

Last Updated September 18, 2015