IT Security and Privacy in Educational Environments


Terry Roebuck

University of Saskatchewan

IT Security Issues in an Educational Environment
  • Understanding Security and Technology
  • Differing Drivers and Resource Conflicts
  • Administrative Requirement / Academic Need
  • Achieving Balance in Privacy and Security
  • Strategies for Success
  • Common Goals and Community
The Technology of Security
  • Security and privacy are not media dependent
  • Protection techniques are media dependent
  • Security and privacy rely on trust:
    • Trust in policy (to provide rules and guidance)
    • Trust in process (to ensure compliance)
    • Trust in technology (to deliver anticipated results)
    • Trust in people (to act responsibly)
The CIA Model
  • C - Confidentiality: “Keep secrets”
  • I - Integrity: “Keep data intact”
  • A - Accessibility: “Allow availability on demand”

[Figure: the C, I and A regions, with “?” marking their intersection]

Security: somewhere around the intersection in the CIA Model

Complexities within the CIA Model
  • C - Confidentiality
    • Granularity & data mining
  • I - Integrity
  • A - Accessibility
    • Timeliness & scope
  • Network
  • Hardware
  • Software
  • Procedures
  • People

Drivers Opposing Balance in Privacy and Security
  • IT security & privacy: addition or integration?
  • Separating security from technology
  • Technology (h/w, s/w, network) life cycles
  • Knowledge and the transience of community
  • Changing requirements and standards
  • Scalability in problems and solutions
  • The internal perception of responsibility
  • The public perception of blame
Administrative Requirements and Academic Needs
  • Administration: Security, Stability & Consistency
    • Commercial (production) s/w may not be well designed for security within an open environment (assume an ‘Intranet’)
  • Academia: Flexibility, Capacity & Capability
    • Academic applications may be more robust but expect user management & control (ex: wireless devices, web browsing)
  • ‘Permit unless Denied’ or ‘Deny unless Permitted’?
So How Much is Too Much?

IT Security versus Productivity in Educational Environments

Too Little Security

Net ‘Background Noise’ Affects Operations

Technology becomes unstable

Increased Risk of Critical Information Loss

High Risk of System Compromise Through Attack

Too Much Security

Device & network capability curtailed

Divergence of user & support resources

Diminished information accessibility

Increased risk of compromise through workarounds

How to Strike a Balance

- Understand our Community

- Understand our unique Risks

- Provide Education and Training

- Embrace ‘Security Best Practices’

- Target Defense Resources to Risk

- Use a Structured Methodology

- Be BOTH Reactive and Proactive

- Use Metrics, Records & Statistics

Will All of This Work?

No Guarantees!

- No Site is ‘fully secured’

- No Attack Detected is not ‘secured’

- Maintaining 100% Effort

- Conflicting Resource Demands

Common Goals and Community
  • Community members share a duty to security
  • Compromise will be required
  • There are no ‘sides’ - just advocates
    • Students advocate for open communication
    • Administration advocates for stable platforms
    • Faculty advocates for flexible functionality
Academic - Administrative Paradigm
  • Limited Resources Force Tough Choices
  • Communication Barriers
  • Critical Senior Management Involvement
  • Metrics and Reporting - “Fixing the Problems I See” - The perceived value of measurement and structure
Tolerance For Risk
  • Academic & Administrative see different risks
  • Risk cannot be eliminated in either view
  • Risk can be mitigated and managed if known
  • Level of risk tolerance is a management issue
  • Risk education and awareness lacking
How to Strike a Balance

Understanding Security

- Security is NOT full defense

- All Systems have ‘holes’

- Tied to Defense & Attack Effort

- Security: Risk Management

- Security: Due Diligence

- Security: A Management Function

- Security: Based on Policy

How to Strike a Balance

Understanding Risk

- Determine Site Risk Tolerance

- Know What Could Be a Target

- Know Where Target is Located

- Know Who Seeks The Target

- Know Why They Seek The Target

- Know When Target is Vulnerable

How to Strike a Balance

General ‘Security Best Practices’

- Assign Security as a Responsibility

- Awareness Training for Users

- Security Training for IT Staff

- Maintain Virus Detection Systems

- Patch Systems and Applications

- Limit Access & Capability by Need

- Log & Investigate Incidents

How to Strike a Balance

Target Defense to Attack & Risk

- Focus Defense On Target Weakness

- Vary Security by Risk of Loss

- Make Security Application Oriented

- Provide Flexibility for Change

- Base Security in Unit Policy

How to Strike a Balance

Use Structured Methodology

- Information Inventory

- Risk Assessment

- Mitigation Analysis & Planning

- Periodic Review

- Set Management Oversight

How to Strike a Balance

Metrics, Records and Statistics

- Log Critical Events

- Maintain Site Records

- Investigate Anomalies

- Set & Maintain Site Standards

- Follow Security Trends
