120 likes | 294 Views
EDUCAUSE Resources for IT Security. Prepared by: Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE Presented by: Javier Torner Information Security Officer CSUSB. EDUCAUSE Roles. Monitor and Influence Public Policy
E N D
EDUCAUSE Resourcesfor IT Security Prepared by: Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE Presented by: Javier Torner Information Security Officer CSUSB
EDUCAUSE Roles • Monitor and Influence Public Policy • Congressional Committees – e.g., Homeland Security, Judiciary, Commerce, Gov’t Reform • Federal Agencies – DHS, FTC, NSF, etc. • White House – e.g., National Strategy • Representation of “Higher Ed Sector” • Critical Infrastructure Protection • Cybersecurity • EDUCAUSE/Internet2 Security Task Force
Strategic Partnerships • Government (Federal & States) • Cong. Putnam’s Corporate Info Sec Working Group • DHS National Cyber Security Division & US-CERT • NASCIO, Multi-State ISAC, & State H. Sec. Directors • Industry • Partnership for Critical Infrastructure Security • National Cyber Security Partnership • National Cyber Security Alliance • Cyber Security Forum for Higher Education • Academic • Education and Training • Research and Development
Higher Ed & Cybersecurity • Through its core mission of teaching and learning, it is the main source of our future leaders, innovators, and technical workforce. • Through research, it is the basic source of much of our new knowledge and subsequent technologies. • As complex institutions, colleges and universities operate some of the world’s largest collections of computers and high-speed networks.
Public Policy • Congressional Committees • House Committee on Homeland Security • Subcommittee on Economic Security, Infrastructure Protection, and Cybersecurity • House Committee on Government Reform • Senate Judiciary Committee • Senate/House Commerce Committees • Regulatory Agencies • Department of Homeland Security • Federal Trade Commission • Subscribe to Washington Update!www.educause.edu/policy
Higher Ed As a “Sector” • 17 Critical Infrastructure/Key Resources • Higher Ed is Not Among 17 • IT and Telecom are Critical Infrastructures • “Sector Specific Agencies” • National Response Plan (January 2005) • Interim National Infrastructure Protection Plan (February 2005)
Awareness and Training Goal To increase the awareness of the associated risks of computer and network use and the corresponding responsibilities of higher education executives and end-users of technology (faculty, staff, and students), and to further the professional development of information technology staff. Programs • Outreach to Higher Ed Associations and Beyond • Annual Security Professionals Conference • Education & Awareness Working Group Initiatives • Leadership Book on Computer & Network Security for Higher Ed • National Cyber Security Awareness Month • Cybersecurity Awareness Resource CD • Executive Awareness, Student Awareness, & Training of IT Staff
Standards, Policies, & Procedures Goal To develop information technology standards, policies, and procedures that are appropriate, enforceable, and effective within the higher education community. Program • EDUCAUSE D.C. Office - Public Policy and Government Relations • Institute for Computer Policy and Law • Policies and Legal Issues Working Group • Risk Assessment Working Group Initiatives • Principles to Guide Efforts to Improve Computer and Network Security in Higher Education • “IT Security for Higher Education: A Legal Perspective” • Collection of Security Policies & Procedures • Information Security Governance Assessment Tool • CISWG Report: “Best Practices & Metrics for Information Security”
Security Architecture and Tools Goal To design, develop, and deploy infrastructures, systems, and services that incorporate security as a priority; and to employ technology to monitor resources and minimize adverse consequences of security incidents. Programs • Effective Practices & Solutions Working Group • Internet2 Security Initiatives – SALSA: Security at Line Speed • PKI, Middleware, and Identity Management Initiatives Initiatives • Effective IT Security Practices Guide • Whitepaper on Automating Network Policy Enforcement • Information Security Governance Assessment Tool • Center for Internet Security Benchmarks
Organization & Info Sharing Goal To create the capacity for a college or university to effectively deploy a comprehensive security architecture (people, process, and technology), and to leverage the collective wisdom and expertise of the higher education community. Programs • Security Discussion Group • Annual Security Professionals Conference • Research & Education Networking ISAC (REN-ISAC) • Cyber Security Forum for Higher Education • National Cyber Security Partnership • Partnership for Critical Infrastructure Security Initiatives • Supporting State/Regional Security Efforts • Incident Response/Handling
What Can You Do? • Join and Contribute to Security Discussion Group • Submit Effective Security Practices and Solutions • Attend Annual Security Professionals Conference • Volunteer for Security Task Force Working Groups • Inform EDUCAUSE D.C. Policy Office About State/Local Government • Implement Local Solutions
For more information EDUCAUSE/Internet2 Security Task Force www.educause.edu/security Rodney Petersen rpetersen@educause.edu 202.331-5368