HEISC Town Hall Webinar: 2012-2013 Strategic Plan - PowerPoint PPT Presentation

Loading...

PPT – HEISC Town Hall Webinar: 2012-2013 Strategic Plan PowerPoint presentation | free to download - id: 6a4e6e-ODlkM



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

HEISC Town Hall Webinar: 2012-2013 Strategic Plan

Description:

HEISC Town Hall Webinar: 2012-2013 Strategic Plan Host: Larry Conrad CIO, UNC-Chapel Hill & HEISC Co-Chair * * * * * * * * * * * * * * * * * * * * * * Today s ... – PowerPoint PPT presentation

Number of Views:7
Avg rating:3.0/5.0
Date added: 17 July 2019
Slides: 27
Provided by: ericb120
Learn more at: http://www.educause.edu
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: HEISC Town Hall Webinar: 2012-2013 Strategic Plan


1
HEISC Town Hall Webinar2012-2013 Strategic Plan
  • Host
  • Larry Conrad
  • CIO, UNC-Chapel Hill
  • HEISC Co-Chair

2
Todays Agenda
  • Information security changes in the past 10 years
  • Ongoing challenges for security practitioners
  • HEISC strategic plan (2012-2013)
  • Vision
  • Mission
  • Goals objectives
  • HEISC working group updates
  • What can you do?

3
Information Security Changes in the Past 10 Years
  • Threats More serious e.g., nation states,
    organized crime
  • Vulnerabilities New technologies (e.g., social
    media, cloud, mobility) introduce new
    vulnerabilities
  • Impact Confidentiality, Integrity, Availability
    (CIA) recognized as mission critical

4
On the Plus Side
  • Increased awareness
  • Greater investments, including security staff
  • Staff professional development and training
  • Improved organization across higher ed
  • Better tools
  • More policies and standards
  • More strategic, proactive outlook
  • More effective practices are available

5
Ongoing Challenges for Security Practitioners
  • Executive awareness and support
  • Technology changes Mobility, outsourcing, cloud,
    IPv6
  • Benchmarks and metrics
  • Organizational dynamics Centralized,
    distributed, and affiliated centers
  • Funding for IT security
  • Staff resources and training

6
Ongoing Challenges (Contd)
  • Data standards, governance, and risk management
  • Data protection tools
  • Student and employee awareness
  • Academic continuity and disaster recovery
  • Legislation and compliance
  • Research data and process
  • International collaboration
  • Vendor relationships

7
HEISC Vision
  • Guide academic institutions in their quest to
    safeguard data, information systems, and networks
  • Protect the privacy of the higher education
    community
  • Ensure that information security is an integral
    part of campus activities and business processes

8
HEISC Mission
  • Improve information security, data protection,
    and privacy programs across the higher education
    sector
  • Develop and promote leadership awareness and
    understanding effective practices and policies
    and solutions for the protection of critical
    data, IT assets, and infrastructures
  • Accomplish activities through working groups of
    volunteers and staff
  • Coordinate and collaborate with government,
    industry, and other academic organizations

9
HEISC Goals
  1. Establish the Information Security Guide as the
    premier resource for security professionals.
  2. Improve security-related interorganizational
    collaboration with higher education stakeholders.
  3. Inform and educate campus leaders on information
    security issues by leveraging enterprise risk
    management (ERM) processes.
  4. Help institutions leverage their investments with
    regard to all IT products and services.
  5. Increase the effectiveness of communication
    efforts.

10
Objectives for Goal 1 Establish the Information
Security Guide as the premier resource for
security professionals
  • Toolkits, primers, and templates
  • Information security maturity model
  • Security requirements
  • Security practices in research environments
  • CISO duties and reporting line
  • Identity management (IdM) practices

11
Objectives for Goal 2 Improve security-related
collaboration with higher education stakeholders
  • EDUCAUSE, Internet2, and the REN-ISAC
  • Core Data Service and EDUCAUSE Data, Research,
    and Analytics staff
  • Other higher education associations, industry
    groups, and government
  • Higher education information security
    professionals

12
Objectives for Goal 3 Inform educate campus
leaders on information security issues by
leveraging ERM processes
  • ERM summit
  • Messaging, talking points, and presentation
    template
  • Other higher ed association meetings and
    conferences (e.g., URMIA, NACUBO, AAU)

13
Objectives for Goal 4 Help institutions
leverage their investments with regard to all IT
products and services
  • Vendor community outreach
  • Resources for IT products and services
  • Information sharing

14
Objectives for Goal 5 Increase the
effectiveness of communication efforts
  • Higher ed security professionals, CIOs, IT
    leaders
  • Wealth of resources in the Information Security
    Guide
  • Issues and successes in the .edu domain
  • HEISC volunteer opportunities

15
QA HEISC Goals and Objectives
16
HEISC Working Groups
  • Awareness Training (AT)
  • Governance, Risk, Compliance (GRC)
  • Technologies, Operations, Practices (TOP)
  • Information Security Guide Editorial Board
  • Security Professionals Conference Program
    Committee
  • Research and Education Networking Information
    Sharing and Analysis Center (REN-ISAC)

17
Awareness Training (AT)Co-Chairs Nicole
Kegler Ben Woelk
  • Student Poster Video Contest
  • National Cyber Security Awareness Month in
    October
  • Executive Awareness Communications
  • Partnering with the IT Communications Group New!
  • Data Privacy Month in January New!
  • Security Awareness Metrics
  • Outreach and Marketing

18
Governance, Risk, Compliance (GRC)Co-Chairs
Doug Markiewicz David Escalante
  • Recent publications Two-Factor Authentication,
    Data Incident Notification Toolkit,
  • Shared Assessments Project Team
  • Sensitive Data Exposure Incident Checklist New!
  • GRC Systems FAQ New!
  • Information Security Maturity Model New!
  • Essential Security Metrics New!
  • Top Info Security Concerns for Researchers New!

19
Technologies, Operations, Practices
(TOP)Co-Chairs Jim Taylor Marcos Vieyra
  • Recent publications Mobile Internet Device
    Security Guidelines, Dropbox Security Privacy
    Considerations, Full Disk Encryption Guide
  • Identify emerging technologies and their security
    implications New!
  • With the REN-ISAC, develop partnerships with
    vendors to improve information sharing
  • Facilitate state or local ISO gatherings New!

20
Information Security Guide Editorial
BoardCo-Chairs Ced Bennett Mary Dunker
  • Fresh look and feel New!
  • Emphasizing practical application of the Security
    Guide via conference presentations New!
  • Growing the content (nearly doubled in 2011)
  • Extending the Guide's exposure and reach (even
    beyond EDU) New!

21
Security Professionals Conference 2012Program
Chair Jodi Ito Vice Chair Paul Howell
  • May 15-17, 2012 in Indianapolis, IN
  • 10th annual conference
  • Focused on information security in higher ed
  • Premier forum for networking with security
    professionals
  • Theme Security Everywhere Exploring the
    Expanding World of Security
  • www.educause.edu/SEC12

22
REN-ISACTechnical Director Doug Pearson
  • Membership growth
  • Growth in relationships
  • Involvement in strategic industry groups
  • Implementation of Security Event System
  • Community Security
  • Partnership with SANS
  • Engagement in international standards work
  • Handling of 0-day vulnerability communications
  • Increase in number of notifications
  • Additional staff
  • Contact dodpears_at_ren-isac.net

23
QA HEISC Working Groups
24
What Can You Do?
  • Join the Security Discussion Group
    www.educause.edu/groups/security
  • Volunteer security-council_at_educause.edu
  • Find resources www.educause.edu/security
  • Attend Security 2012 www.educause.edu/sec12
  • Follow us _at_HEISCouncil
  • Contacts
  • Valerie Vogel (vvogel_at_educause.edu)
  • Rodney Petersen (rpetersen_at_educause.edu)

25
Look for These Hot Topics in 2012
  • Metrics Benchmarking
  • Cloud Computing Services
  • Consumerization Mobility
  • Enterprise Risk Management
  • IPv6
  • Privacy
  • Federated IdM
  • Addressing the decentralized university from a
    security perspective

26
Thank you for participating!If youd like to
get in touch with our speakers, please send an
e-mail to security-council_at_educause.edu
About PowerShow.com