Large and small businesses, nonprofit organizations and government agencies in Central New York have an opportunity to receive no-cost information security audits through a new project at Syracuse University.
"What we are essentially offering is free information security audits in exchange for research access," says SU's Jeff Stanton, assistant professor in the School of Information Studies and director of the Syracuse Information Security Evaluation (SISE) Project. Stanton is a GIAC-certified information security officer.
SISE's latest science-in-practice research project focuses on behavioral information security, which studies how human actions within organizations influence the confidentiality, integrity and availability of information and information systems. To begin the project, Stanton and Kathryn Stam, assistant director of SISE and senior researcher in the School of Information Studies, are seeking as many as 20 organizations in the Central New York area to participate.
Beginning as early as Oct. 1, research teams will observe and document security-related behavior using multi-method behavioral security audits. Researchers will conduct interviews and job observations with employees, management, and information technology professionals as well as reviews of existing security controls, architecture and policies. As a result, participating organizations will receive detailed reports on current information security status and future opportunities for enhanced security.
"Our overriding goal is to help organizations improve security without compromising organizational effectiveness or the quality of work life," says Stam. "We will attempt to achieve this by making sure that information security works for people rather than the other way around."
Although the duration of each project relationship will depend on the mutual interests of the organization and the SU research team, projects will typically last one to three months from the time of the initial visit to the delivery of the summary report and SU's presentation to the organization's staff. More complex or lengthy engagements may require nominal stipends for the support of the research teams. Likewise, sites that are distant from the University may need to provide some form of travel support.
"Many small organizations are now providing universal, always-on Internet services for their employees, a major source of information security vulnerability. Any organization with 20 or more employees that uses information technology or shares information resources using networked computers is eligible for the kinds of analysis, reporting and intervention that we will provide," says Stanton.
Stanton and Stam's work builds on a program of research begun in 2001, and is funded in part by a new award from the National Science Foundation's Information Technology Research and Societal Dimensions of Engineering, Science and Technology programs. For information on participating, call Kathryn Stam at (315) 443-5673 or e-mail her at krstam@syr.edu.
The School of Information Studies at SU is a nationally ranked center for innovative programs in information policy, information behavior, information management, information systems, information technology and information services. The School offers an undergraduate degree, three professional master's programs, and a Ph.D. program.
Officially chartered in 1870 as a private, coeducational institution of higher education, Syracuse University is a leading student-centered research university. Syracuse's 11 schools and colleges share a common mission: to promote learning through teaching, research, scholarship, creative accomplishment and service while embracing the core values of quality, caring, diversity, innovation and service. The 680-acre campus is home to more than 18,000 full- and part-time undergraduate and graduate students from all 50 states and 90 countries.
