Transcript Resources for Cybersecurity

Higher Education
Cybersecurity Strategy,
Programs, and Initiatives
Rodney Petersen
Policy Analyst &
Security Task Force Coordinator
EDUCAUSE
Higher Ed & Cybersecurity
Through its core mission of teaching and
learning, it is the main source of our future
leaders, innovators, and technical workforce.
Through research, it is the basic source of much
of our new knowledge and subsequent
technologies.
As complex institutions, colleges and universities
operate some of the world’s largest collections
of computers and high-speed networks.
Aim of Cybersecurity
Confidentiality - Computers, systems, and
networks that contain information require protection
from unauthorized use or disclosure.
Integrity - Computers, systems, and networks that
contain information must be protected from
unauthorized, unanticipated, or unintentional
modification.
Availability - Computers, systems and networks
must be available on a timely basis to meet mission
requirements or to avoid substantial losses.
Strategic Goals of the
Security Task Force
The Security Task Force received a grant from
National Science Foundation to identify and
implement a coordinated strategy for computer
and network security for higher education. The
following strategic goals have been identified:




Education and Awareness
Standards, Policies, and Procedures
Security Architecture and Tools
Organization and Information Sharing
Awareness and Training
Goal
To increase the awareness of the associated risks of computer and
network use and the corresponding responsibilities of higher
education executives and end-users of technology (faculty, staff, and
students), and to further the professional development of information
technology staff.
Programs
 Outreach to Higher Ed Associations and Beyond
 Annual Security Professionals Conference
 Education & Awareness Working Group
Initiatives




Leadership Book on Computer & Network Security for Higher Ed
National Cyber Security Awareness Month
Cybersecurity Awareness Resource CD
Executive Awareness, Student Awareness, & Training of IT Staff
Standards, Policies, & Procedures
Goal
To develop information technology standards, policies, and procedures
that are appropriate, enforceable, and effective within the higher
education community.
Program




EDUCAUSE D.C. Office - Public Policy and Government Relations
Institute for Computer Policy and Law
Policies and Legal Issues Working Group
Risk Assessment Working Group
Initiatives
 Principles to Guide Efforts to Improve Computer and Network
Security in Higher Education
 “IT Security for Higher Education: A Legal Perspective”
 Collection of Security Policies & Procedures
 Information Security Governance Assessment Tool
 CISWG Report: “Best Practices & Metrics for Information Security”
Security Architecture and Tools
Goal
To design, develop, and deploy infrastructures, systems, and
services that incorporate security as a priority; and to employ
technology to monitor resources and minimize adverse
consequences of security incidents.
Programs
 Effective Practices & Solutions Working Group
 Internet2 Security Initiatives – SALSA: Security at Line Speed
 PKI, Middleware, and Identity Management Initiatives
Initiatives




Effective IT Security Practices Guide
Whitepaper on Automating Network Policy Enforcement
Information Security Governance Assessment Tool
Center for Internet Security Benchmarks
Organization & Info Sharing
Goal
To create the capacity for a college or university to effectively deploy
a comprehensive security architecture (people, process, and
technology), and to leverage the collective wisdom and expertise of
the higher education community.
Programs






Security Discussion Group
Annual Security Professionals Conference
Research & Education Networking ISAC (REN-ISAC)
Cyber Security Forum for Higher Education
National Cyber Security Partnership
Partnership for Critical Infrastructure Security
Initiatives
 Supporting State/Regional Security Efforts
 Incident Response/Handling
For more information
EDUCAUSE/Internet2 Security Task Force
www.educause.edu/security
Rodney Petersen
[email protected]
202.331.5368