1 / 21

Cyber Security Education Workshop: Enhancing Awareness in Educational Institutions

This workshop aims to bring together representatives from schools and higher education institutions to create partnerships, strategies, and implementation plans to increase cyber security awareness among faculty, staff, and students. The outcomes include conducting an inventory of related work programs, identifying key stakeholders, providing recommendations for integrating programs, and suggesting new initiatives for enhancing security awareness. The various accomplishments, strategic goals, and recommendations from the workshop are highlighted to propel educational institutions towards a more secure cyber environment.

tartis
Download Presentation

Cyber Security Education Workshop: Enhancing Awareness in Educational Institutions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security Education and Awareness Workshop January 15-16, 2004 Baltimore, MD

  2. Purpose To bring together representatives from schools and institutions of higher education (K-20) to create partnerships, strategies, and implementation plans to increase cyber security awareness among our constituencies.

  3. Workshop Outcomes • Conduct an Inventory of Related Work Programs and Products • Identify Key Stakeholders and Interdependencies • Provide Recommendations for Integrating Related Work Programs • Provide Recommendations for New Initiatives

  4. Schools & Higher Education Working Group Action Items • Action Plan and Milestones • Outline of Programs • March 1st • 6 months (August) • 12 months (January 2005) • Beyond

  5. Agenda • Information Assurance Tools and the Learning Continuum • Welcome and Introductions • Inventory and Demonstration of Security Awareness Initiatives • Security Awareness Strategy and Implementation Plan

  6. EDUCAUSE/Internet2 Computer and Network Security Task Force Rodney J. Petersen Policy Analyst, EDUCAUSE EDUCAUSE/Internet2 Security Task Force Coordinator

  7. Strategic Goals The Security Task Force received a grant from National Science Foundation to identify and implement a coordinated strategy for computer and network security for higher education. The following strategic goals have been identified: • Education and Awareness • Standards, Policies, and Procedures • Security Architecture and Tools • Organization, Information Sharing, and Incident Response

  8. Education and Awareness To increase the awareness of the associated risks of computer and network use and the corresponding responsibilities of higher education executives and end-users of technology (faculty, staff, and students), and to further the professional development of information technology staff.

  9. Awareness Programs • Only one-third of our institutions have a formal awareness program for students, faculty, or staff – ECAR Study (2003) • The National Strategy recommends that institutions of higher education identify and adopt model user awareness programs and materials

  10. Accomplishments – Web Site • A Resource on Computer and Network Security for the Higher Education Community at http://www.educause.edu/security • Collection of "Education and Awareness Programs and Resources" at http://www.educause.edu/security/resources/awareness.asp

  11. Accomplishments - Publications • Leadership Book: Computer and Network Security in Higher Education • Effective Security Practices Guidehttp://www.educause.edu/security/guide • Articles in EDUCAUSE Review, EDUCAUSE Quarterly, & University Business Magazine • White Paper on “IT Security in Higher Education: A Legal Perspective”

  12. Accomplishments - Outreach • Conference Presentations • EDUCAUSE National, Regionals, and Other Events • Internet2 Member Meetings • Higher Education IT Alliance • Higher Education Associations • Annual EDUCAUSE/Internet2 Security Professionals Workshop • Letter to Presidents from the American Council on Education

  13. Message to Presidents (Feb 2003) • Set the tone: ensure that all campus stakeholders know that you take Cybersecurity seriously. Insist on community-wide awareness and accountability. • Establish responsibility for campus-wide Cybersecurity at the cabinet level. At a large university, this responsibility might be assigned to the Chief Information Officer. At a small college, this person may have responsibility for many areas, including the institutional computing environment. • Ask for a periodic Cybersecurity risk assessment that identifies the most important risks to your institution. Manage these risks in the context of institutional planning and budgeting. • Request updates to your Cybersecurity plans on a regular basis in response to the rapid evolution of the technologies, vulnerabilities, threats, and risks. David Ward President, American Council on Education

  14. New Awareness Campaign www.microsoft.com/education/?ID=SecurityPosters

  15. Recommendations • Campus-wide security awareness campaigns • Develop how to and best practices security guides • Make training for sys admin in securing machines and devices a requirement • Share training and educational materials across our campuses • Develop security training and education courses for staff students and faculty NSF Workshop Results – Fall 2002

  16. For more information: EDUCAUSE/Internet2Computer and Network Security Task Force http://www.educause.edu/security Email: rpetersen@educause.edu

  17. Recommendations • Key Deliverables with Timelines • Metrics • Lead Organizations Responsible • Resource Requirements and Recommended/Committed Resource

  18. Moving from Strategy to Action • Why? National Strategy! • What? Nat’l Strategy – Strategic Level • What? Tactical • How? Operational • When? Timeframes and Metrics • Who? Audience and Assignment

  19. Elements of Implementation Plan • Provide Recommendations for Integrating Related Work Programs • Provide Recommendations for New Initiatives • Identify Key Stakeholders and Interdependencies

  20. Organizing Implementation Plan • Brainstorm • Evaluate Ideas • Sort and Combine Similar Ideas • Prioritize Ideas • March 1st • 6 months (August) • 12 months (January 2005) • Beyond • Resource Requirements • Lead Organization(s) Responsible

  21. Evaluation 1. What were the most significant outcomes of the workshop for you? 2. What aspects were least helpful? 3. Rate the quality and organization of the workshop (10 =excellent) Why did you mark it where you did? 4. My advice on next steps

More Related