Information Technology Services is adding a new officer position to help keep Yale’s electronic information safe.
Chief Information Officer Len Peters, who took office this academic year, said he plans to alter the department’s administrative structure, and is beginning by introducing a new Chief Information Security Officer. This individual will oversee the broader strategy for information security at Yale with a focus on hacker prevention and other risk-management, he said.
Peters said the decision to create the position was not in response to any specific event, such as the discovery this summer that 43,000 Yale social security numbers had been leaked.
“On an ongoing basis we need to be assessing and weighing our risks and understanding where we need to make appropriate investments,” he said of his reasons for establishing the new position. “The chief information security officer will be someone who will take a University-wide view of technology, infrastructure and architecture processes.”
The job was posted on the web June 23 and applications are now closed, according to the website. Peters said that a search committee of ITS members, members of the University General Counsel, clinical administrators and faculty has been evaluating candidates since July. Peters said the committee decided that the new officer will come from outside of Yale to bring in fresh ideas and will start work in mid-October. The results may be announced as early as next week.
According to the job description, the Chief Information Security Officer will oversee an information security team to respond to data breaches and investigation security threats to University systems. He or she will also serve as a liaison between ITS and the University General Counsel, University Police and other academic and administrative officials for all information security matters.
Michael Fischer, a professor of computer science who specializes in security and cryptography, said Information Security Officer Morrow Long has always responded promptly to his questions about security, but added that he hopes the new position will help ITS communicate more openly with the Yale community and keep tighter control of sensitive data.
“I think the first way to improve would be to be open about what is going on in ITS,” Fischer said, adding that when he received a letter from ITS about the fact that his social security number had been public for the last 10 months, nobody could tell him why ITS was keeping his private data from 1999, or who had access to it.
A verbal opponent of Yale’s decision to outsource email to Google Apps for Education, Fisher said he would like to see a more thorough examination of all the areas of Yale’s information that are outsourced to other websites or providers — for example information about applicants to the faculty or to the graduate school.
ITS officials would not respond to requests for comment on whether Morrow Long will continue his work as Information Security Officer once the new Chief Information Security Officer begins. Long also declined to comment.
The listing for the new officer position requires that a candidate has worked five years in a leadership role in a demanding security, audit or compliance field with exposure to large-scale security projects.
The salary for the position, based on a 37.5-hour work week, will be between $109,000 and $192,000.