1 / 12

EDUCAUSE/Internet2 Computer and Network Security Task Force

EDUCAUSE/Internet2 Computer and Network Security Task Force. Presented by Jack Suess and Gordon Wishon Security Task Force Co-Chairs. 2003 Accomplishments. Web Resource: www.educause.edu/security

hani
Download Presentation

EDUCAUSE/Internet2 Computer and Network Security Task Force

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. EDUCAUSE/Internet2 Computer and Network Security Task Force Presented by Jack Suess and Gordon WishonSecurity Task Force Co-Chairs

  2. 2003 Accomplishments • Web Resource: www.educause.edu/security • Research and Educational Networking Information Sharing and Analysis Center (REN-ISAC) at Indiana University • The National Strategy to Secure Cyberspace • ACE Letter to Presidents • Commissioned White Paper on Legal Issues • 1st Annual Security Professionals Workshop • Coordinated or Conducted Outreach Programs • Authored Leadership Book on Security

  3. The National Strategy to Secure Cyberspace The National Strategy encourages colleges and universities to secure their cyber systems by establishing some or all of the following as appropriate: • one or more Information Sharing and Analysis Centers to deal with cyber attacks and vulnerabilities; • an on-call point-of-contact to Internet service providers and law enforcement officials in the event that the school’s IT systems are discovered to be launching cyber attacks; • model guidelines empowering Chief Information Officers (CIOs) to address cybersecurity; • one or more sets of best practices for IT security; and, • model user awareness programs and materials.

  4. Computer Incident Factor Analysis and Categorization Project

  5. Message to Presidents • Set the tone: ensure that all campus stakeholders know that you take Cybersecurity seriously. Insist on community-wide awareness and accountability. • Establish responsibility for campus-wide Cybersecurity at the cabinet level. At a large university, this responsibility might be assigned to the Chief Information Officer. At a small college, this person may have responsibility for many areas, including the institutional computing environment. • Ask for a periodic Cybersecurity risk assessment that identifies the most important risks to your institution. Manage these risks in the context of institutional planning and budgeting. • Request updates to your Cybersecurity plans on a regular basis in response to the rapid evolution of the technologies, vulnerabilities, threats, and risks. David Ward President, American Council on Education

  6. Strategic Goals The Security Task Force received a grant from National Science Foundation to identify and implement a coordinated strategy for computer and network security for higher education. The following strategic goals have been identified: • Education and Awareness • Standards, Policies, and Procedures • Security Architecture and Tools • Organization, Information Sharing, and Incident Response

  7. Projects and Initiatives • Education and Awareness Initiative • Annual Security Professionals Workshop • Legal Issues and Institutional Policies • Risk Assessment Method and Tools • Effective Security Practices Guide • Research and Development Initiatives • Research and Educational Networking Information Sharing & Analysis Center • Vendor Engagement and Partnerships

  8. Research and Education Networking ISAC at Indiana U The REN-ISAC acts as the security information collection, analysis, dissemination, and early-warning organization specifically designed to support the unique environment and needs of organizations connected to higher education and research networks. With various information inputs at its disposal, the REN-ISAC has a unique aggregate view of the current and near-future security situation in the higher education community. With these inputs and with appropriate synthesis and analytic tools, along with access to experienced incident response staff, the REN-ISAC is distinctively positioned to provide early warning about imminent threats, along with applicable response or self-defense advice, to the higher education and research networking community.

  9. Education and Awareness Initiative • Goal: To increase the awareness of the associated risks of computer and network use and the corresponding responsibilities of higher education executives and end-users of technology (faculty, staff, and students), and to further the professional development of information technology staff. • Examples of New Initiatives: • Security News – Electronic Newsletter • Expand Collection of “Education and Awareness Programs and Resources” • Facilitate Sharing of Training and Educational Materials Across Campuses • Identify Education and Awareness Needs and Fill the Gap • Promote and Facilitate the Training of IT Professionals on Security

  10. Security Professionals Workshop • May 16-18, 2004 – Washington, D.C. • Call for Proposals • Security Technology • Security Management • Security Policy and Law • Pre-Conference Tutorials, Keynote Speaker, Concurrent Sessions, and Closing Plenary • Encourage the person responsible for security at your institution to attend!

  11. Effective Security Practices Guide

  12. Cyber Security Forum for Higher Education The purpose of the Cyber Security Forum for Higher Education is to create a forum for the discussion of higher education computer and network security issues between the corporate community and the EDUCAUSE/Internet2 Computer and Network Security Task Force with the goal of improving higher education cyber security through mutual efforts.

More Related