IT Security and Privacy in Educational Environments

Terry Roebuck

University of Saskatchewan


IT Security Issues in an Educational Environment

  • Understanding Security and Technology

  • Differing Drivers and Resource Conflicts

  • Administrative Requirement / Academic Need

  • Achieving Balance in Privacy and Security

  • Strategies for Success

  • Common Goals and Community


The Technology of Security

  • Security and privacy are not media dependent

  • Protection techniques are media dependent

  • Security and privacy rely on trust:

    • Trust in policy (to provide rules and guidance)

    • Trust in process (to ensure compliance)

    • Trust in technology (to deliver anticipated results)

    • Trust in people (to act responsibly)



The CIA Model

  • C - Confidentiality: “Keep secrets”

  • I - Integrity: “Keep data intact”

  • A - Accessibility: “Allow availability on demand”

Security: somewhere around the intersection in The CIA Model

Complexities within the CIA Model

  • C - Confidentiality: granularity & data mining

  • A - Accessibility: Timeliness & Scope

  • Network

  • Hardware

  • Software

  • Procedures

  • People

Drivers Opposing Balance in Privacy and Security

  • IT security & privacy: addition or integration?

  • Separating security from technology

  • Technology (h/w, s/w, network) life cycles

  • Knowledge and the transience of community

  • Changing requirements and standards

  • Scalability in problems and solutions

  • The internal perception of responsibility

  • The public perception of blame


Administrative Requirements and Academic Needs

  • Administration: Security, Stability & Consistency

    • Commercial (production) s/w may not be well designed for security within an open environment (assume an ‘Intranet’)

  • Academia: Flexibility, Capacity & Capability

    • Academic applications may be more robust but expect user management & control (ex: wireless devices, web browsing)

  • ‘Permit unless Denied’ or ‘Deny unless Permitted’?


So How Much is Too Much?

IT Security versus Productivity in Educational Environments



Too Little Security

Net ‘Background Noise’ Affects Operations

Technology becomes unstable

Increased Risk of Critical Information Loss

High Risk of System Compromise Through Attack


Too Much Security

Device & network capability curtailed

Divergence of user & support resources

Diminished information accessibility

Increased risk of compromise through workarounds


How to Strike a Balance

- Understand our Community

- Understand our unique Risks

- Provide Education and Training

- Embrace ‘Security Best Practices’

- Target Defense Resources to Risk

- Use a Structured Methodology

- Be BOTH Reactive and Proactive

- Use Metrics, Records & Statistics


Will All of This Work?

No Guarantees!

- No Site is ‘fully secured’

- ‘No Attack Detected’ is not ‘secured’

- Maintaining 100% Effort

- Conflicting Resource Demands


Common Goals and Community

  • Community members share a duty to security

  • Compromise will be required

  • There are no ‘sides’ - just advocates

    • Students advocate for open communication

    • Administration advocates for stable platforms

    • Faculty advocates for flexible functionality


IT security is a community problem ... Any solution will require community involvement and commitment


Academic - Administrative Paradigm

  • Limited Resources Force Tough Choices

  • Communication Barriers

  • Critical Senior Management Involvement

  • Metrics and Reporting - “Fixing the Problems I See” - The perceived value of measurement and structure


Tolerance For Risk

  • Academic & Administrative see different risks

  • Risk cannot be eliminated in either view

  • Risk can be mitigated and managed if known

  • Level of risk tolerance is a management issue

  • Risk education and awareness lacking


How to Strike a Balance

Understanding Security

- Security is NOT full defense

- All Systems have ‘holes’

- Tied to Defense & Attack Effort

- Security: Risk Management

- Security: Due Diligence

- Security: A Management Function

- Security: Based on Policy


How to Strike a Balance

Understanding Risk

- Determine Site Risk Tolerance

- Know What Could Be a Target

- Know Where Target is Located

- Know Who Seeks The Target

- Know Why They Seek The Target

- Know When Target is Vulnerable


How to Strike a Balance

General ‘Security Best Practices’

- Assign Security as a Responsibility

- Awareness Training for Users

- Security Training for IT Staff

- Maintain Virus Detection Systems

- Patch Systems and Applications

- Limit Access & Capability by Need

- Log & Investigate Incidents


How to Strike a Balance

Target Defense to Attack & Risk

- Focus Defense On Target Weakness

- Vary Security by Risk of Loss

- Make Security Application Oriented

- Provide Flexibility for Change

- Base Security in Unit Policy


How to Strike a Balance

Use Structured Methodology

- Information Inventory

- Risk Assessment

- Mitigation Analysis & Planning

- Periodic Review

- Set Management Oversight


How to Strike a Balance

Metrics, Records and Statistics

- Log Critical Events

- Maintain Site Records

- Investigate Anomalies

- Set & Maintain Site Standards

- Follow Security Trends

