EDUCAUSE Resources for IT Security

1
EDUCAUSE Resourcesfor IT Security

• Prepared by Rodney Petersen
• Policy Analyst Security Task Force Coordinator
• EDUCAUSE
• Presented by Javier Torner
• Information Security Officer
• CSUSB

2
EDUCAUSE Roles

• Monitor and Influence Public Policy
• Congressional Committees e.g., Homeland
  Security, Judiciary, Commerce, Govt Reform
• Federal Agencies DHS, FTC, NSF, etc.
• White House e.g., National Strategy
• Representation of Higher Ed Sector
• Critical Infrastructure Protection
• Cybersecurity
• EDUCAUSE/Internet2 Security Task Force

3
Strategic Partnerships

• Government (Federal States)
• Cong. Putnams Corporate Info Sec Working Group
• DHS National Cyber Security Division US-CERT
• NASCIO, Multi-State ISAC, State H. Sec.
  Directors
• Industry
• Partnership for Critical Infrastructure Security
• National Cyber Security Partnership
• National Cyber Security Alliance
• Cyber Security Forum for Higher Education
• Academic
• Education and Training
• Research and Development

4
Higher Ed Cybersecurity

• Through its core mission of teaching and
  learning, it is the main source of our future
  leaders, innovators, and technical workforce.
• Through research, it is the basic source of much
  of our new knowledge and subsequent technologies.
  
• As complex institutions, colleges and
  universities operate some of the worlds largest
  collections of computers and high-speed networks.

5
Public Policy

• Congressional Committees
• House Committee on Homeland Security
• Subcommittee on Economic Security, Infrastructure
  Protection, and Cybersecurity
• House Committee on Government Reform
• Senate Judiciary Committee
• Senate/House Commerce Committees
• Regulatory Agencies
• Department of Homeland Security
• Federal Trade Commission
• Subscribe to Washington Update!www.educause.edu/p
  olicy

6
Higher Ed As a Sector

• 17 Critical Infrastructure/Key Resources
• Higher Ed is Not Among 17
• IT and Telecom are Critical Infrastructures
• Sector Specific Agencies
• National Response Plan (January 2005)
• Interim National Infrastructure Protection Plan
  (February 2005)

7
Awareness and Training

• Goal
• To increase the awareness of the associated
  risks of computer and network use and the
  corresponding responsibilities of higher
  education executives and end-users of technology
  (faculty, staff, and students), and to further
  the professional development of information
  technology staff.
• Programs
• Outreach to Higher Ed Associations and Beyond
• Annual Security Professionals Conference
• Education Awareness Working Group
• Initiatives
• Leadership Book on Computer Network Security
  for Higher Ed
• National Cyber Security Awareness Month
• Cybersecurity Awareness Resource CD
• Executive Awareness, Student Awareness,
  Training of IT Staff

8
Standards, Policies, Procedures

• Goal
• To develop information technology standards,
  policies, and procedures that are appropriate,
  enforceable, and effective within the higher
  education community.
• Program
• EDUCAUSE D.C. Office - Public Policy and
  Government Relations
• Institute for Computer Policy and Law
• Policies and Legal Issues Working Group
• Risk Assessment Working Group
• Initiatives
• Principles to Guide Efforts to Improve Computer
  and Network Security in Higher Education
• IT Security for Higher Education A Legal
  Perspective
• Collection of Security Policies Procedures
• Information Security Governance Assessment Tool
• CISWG Report Best Practices Metrics for
  Information Security

9
Security Architecture and Tools

• Goal
• To design, develop, and deploy infrastructures,
  systems, and services that incorporate security
  as a priority and to employ technology to
  monitor resources and minimize adverse
  consequences of security incidents.
• Programs
• Effective Practices Solutions Working Group
• Internet2 Security Initiatives SALSA Security
  at Line Speed
• PKI, Middleware, and Identity Management
  Initiatives
• Initiatives
• Effective IT Security Practices Guide
• Whitepaper on Automating Network Policy
  Enforcement
• Information Security Governance Assessment Tool
• Center for Internet Security Benchmarks

10
Organization Info Sharing

• Goal
• To create the capacity for a college or
  university to effectively deploy a comprehensive
  security architecture (people, process, and
  technology), and to leverage the collective
  wisdom and expertise of the higher education
  community.
• Programs
• Security Discussion Group
• Annual Security Professionals Conference
• Research Education Networking ISAC (REN-ISAC)
• Cyber Security Forum for Higher Education
• National Cyber Security Partnership
• Partnership for Critical Infrastructure Security
• Initiatives
• Supporting State/Regional Security Efforts
• Incident Response/Handling

11
What Can You Do?

• Join and Contribute to Security Discussion Group
• Submit Effective Security Practices and Solutions
• Attend Annual Security Professionals Conference
• Volunteer for Security Task Force Working Groups
• Inform EDUCAUSE D.C. Policy Office About
  State/Local Government
• Implement Local Solutions

12
For more information

• EDUCAUSE/Internet2 Security Task Force
• www.educause.edu/security
• Rodney Petersen
• rpetersen_at_educause.edu
• 202.331-5368