Glenn Setliff, director of Information Technology, recently sat for and passed the Certified Information Systems Security Professional Certification (CISSP) exam. The CISSP title is a requirement for working as an information security professional and is an important first step in creating a DUSON/Duke Health Information Security Office (ISO) partnership.
“Last year, David Bowersox, associate dean of finance and administration; and I were brainstorming about areas where technology could improve. One of the most consistent concerns from faculty and staff was the amount of time it takes for IT Security reviews to be completed by the Duke Health ISO,” says Setliff. In fact, the delay can be as much as four to six months. Setliff explains, “In addition to resolving major security threats and maintaining security systems, the ISO had a large backlog of applications for both clinical and research purposes requiring review. While large clinical systems can usually absorb the time delays caused by this backlog, DUSON systems were frequently date-dependent and, therefore, could not.”
The solution that Bowersox and Setliff developed was a proposal to partner with the ISO.
“We proposed that the ISO out-source DUSON security reviews to the SON-IT organization,” Setliff says. To create this partnership, DUSON would provide a trained and certified IT security professional having the required CISSP designation. By decentralizing the IT security reviews and moving the responsibility to the local unit, it creates efficiencies that currently cannot be realized. Setliff adds “The bottom line is that SON-IT is in the best position to understand the nuances of our academic/research environment and what fits. It’s in our best interest to make sure we meet or exceed Duke Health security standards.”
The ISO agreed to pilot this partnership over the summer with two research applications being used for a project by Paula Tanabe, associate dean for research development and data science; and Terri Demartino, research program leader. If successful, we can expect future opportunities for SON-IT to perform IT security reviews for products and services used by the DUSON community.