Corporate Forum Presented by

Presentation transcript:

Corporate Forum Presented by EDUCAUSE/Internet2 Computer and Network Security Task Force & EDUCAUSE Center for Applied Research (ECAR)

Introduction
- Background of the Security Task Force
- Coordination with Higher Education IT Alliance
  - ACE, AAU, NASULGC, AASCU, NAICU, AACC, etc.
- Summary of Accomplishments
  - Framework for Action
  - Higher Education Contribution to the National Strategy
  - ACE Letter to Presidents
  - White Paper on Legal Issues
  - Leadership Strategies Book on Security
- Introduction of Task Force Leadership

Cyber Security Forum for Higher Education
The purpose of the Cyber Security Forum for Higher Education is to create a forum for the discussion of higher education computer and network security issues between the corporate community and the EDUCAUSE/Internet2 Computer and Network Security Task Force with the goal of improving higher education cyber security through mutual efforts.

Strategic Goals
The Security Task Force received a grant from the National Science Foundation to identify and implement a coordinated strategy for computer and network security for higher education. The following strategic goals have been identified:
- Education and Awareness
- Standards, Policies, and Procedures
- Security Architecture and Tools
- Organization, Information Sharing, and Incident Response

Education and Awareness
To increase the awareness of the associated risks of computer and network use and the corresponding responsibilities of higher education executives and end-users of technology (faculty, staff, and students), and to further the professional development of information technology staff.

Standards, Policies, & Procedures
To develop information technology standards, policies, and procedures that are appropriate, enforceable, and effective within the higher education community.

Security Architecture and Tools
To design, develop, and deploy infrastructures, systems, and services that incorporate security as a priority; and to employ technology to monitor resources and minimize adverse consequences of security incidents.

Organization, Information Sharing, and Incident Response
To create the capacity for a college or university to effectively deploy a comprehensive security architecture (education, policy, and technology), and to leverage the collective wisdom and expertise of the higher education community.

Projects and Initiatives
- Education and Awareness Initiative
- Annual Security Professionals Workshop
- Legal Issues and Institutional Policies
- Risk Assessment Method and Tools
- Effective Security Practices Guide
- Research and Development Initiatives
- Vendor Engagement and Partnerships
- Research and Educational Networking Information Sharing & Analysis Center

The National Strategy to Secure Cyberspace
The National Strategy encourages colleges and universities to secure their cyber systems by establishing some or all of the following as appropriate:
- one or more Information Sharing and Analysis Centers to deal with cyber attacks and vulnerabilities;
- an on-call point-of-contact to Internet service providers and law enforcement officials in the event that the school’s IT systems are discovered to be launching cyber attacks;
- model guidelines empowering Chief Information Officers (CIOs) to address cybersecurity;
- one or more sets of best practices for IT security; and,
- model user awareness programs and materials.

Origins of ISACs
The development of ISACs was encouraged by Presidential Decision Directive (Clinton PDD 63: Protecting America's Critical Infrastructures), to serve as the "mechanism for gathering of vulnerabilities, threats, intrusions, and anomalies" information from participating institutions, analyzing and developing a recommended response, and disseminating information so that the member institutions can better defend and secure their technology environment and operations.

The National Strategy on ISACs
"The National Cyberspace Security Response System is a public-private architecture, coordinated by the Department of Homeland Security, for analyzing and warning; managing incidents of national significance; promoting continuity in government systems and private sector infrastructures; and increasing information sharing across and between organizations to improve cyberspace security. The National Cyberspace Security Response System will include governmental entities and nongovernmental entities, such as private sector information sharing and analysis centers (ISACs)."

Research and Education Networking ISAC at Indiana U
The REN-ISAC acts as the security information collection, analysis, dissemination, and early-warning organization specifically designed to support the unique environment and needs of organizations connected to higher education and research networks. With various information inputs at its disposal, the REN-ISAC has a unique aggregate view of the current and near-future security situation in the higher education community. With these inputs and with appropriate synthesis and analytic tools, along with access to experienced incident response staff, the REN-ISAC is distinctively positioned to provide early warning about imminent threats, along with applicable response or self-defense advice, to the higher education and research networking community.

Receive and Analyze Operational Threat, Warning, and Attack Info
- Received from the NIPC, other ISACs, and various other sources
- Received from ISAC member campuses related to incidents on local network backbones
- Received from network engineers related to incidents on national R&E network backbones
- Derived from network instrumentation
- Analysis would be performed by network and security engineers, and possibly by the Advanced Network Management Lab, related to:
  - Unscheduled outages and degraded operations
  - Security-related events such as DDoS attacks, virus alerts, systematic network vulnerabilities scanning, systematic spoofing
  - Other anomalies that constitute or may constitute a serious threat to the networks and associated systems of the REN-ISAC membership

What the REN-ISAC Needs From The Corporate Community
- Information Sharing
- Points of Contact
- Early Notification of Vulnerabilities
- Cooperative Agreements and Relationships (i.e., Partnerships)
The National Strategy to Secure Cyberspace has called for “voluntary partnerships among government, industry, academia, and nongovernmental groups to secure and defend cyberspace.”

Higher Ed IT Environments
- Technology Environment
  - Distributed computing and wide range of hardware and software from outdated to state-of-the-art
  - Increasing demands for distributed computing, distance learning and mobile/wireless capabilities which create unique security challenges
- Leadership Environment
  - Reactive rather than proactive
  - Lack of clearly defined goals (what do we need to protect and why)
- Academic Culture
  - Persistent belief that security & academic freedom are antithetical
  - Tolerance, experimentation, and anonymity highly valued

Campus Incidents
- “Damage Control: When Your Security Incident Hits the 6 O’Clock News”
- Georgia Tech
- University of Kansas
- The University of Texas, Austin
- Microsoft SQL Slammer Incident
- Cisco Router Vulnerability
- Microsoft RPC Vulnerability
- Worms and Viruses!!!

Security Research Initiatives
Objective: Develop metrics that both identify the cost of security, the cost of not securing assets, and measures to account for progress.
Examples of Initiatives
- Incident Cost and Analysis Modeling Projects – ICAMP-I (1998) and ICAMP-II (2000)
- The Computer Incident Factor Analysis and Categorization Project or ICAMP-III
- Effective Security Practices Guide
- Risk Assessment Models and Tools
- ECAR Security Study Report

Conclusions
- Higher Education Cares About Security
- Higher Education Security Is Extremely Complex
- Higher Education Has Been Hit Very Hard By Recent Events
- Higher Education Is Prepared To Make Tradeoffs Differently Today Than Previously
- Higher Education Needs Help From The Vendor Community

Discussion
- Question 1: What is the responsibility of the higher education community?
- Question 2: What is the responsibility of the vendor community?
- Question 3: How can we work together to improve security for higher education?

BREAK

Question 1
Are there practices that higher education could adopt on a more widespread basis to improve computer and network security for the enterprise?

Question 2
What are the challenges, obstacles, and barriers (real or perceived) for hardware/software vendors providing institutions with secure products “out-of-the-box”? What strategies or solutions could the corporate community or EDUCAUSE pursue to overcome those challenges?

Question 3
How can corporate partners and EDUCAUSE, and the EDUCAUSE membership, work together to improve computer and network security? What do you think of the Cyber Security Forum for Higher Education? What does it mean for your organization to participate? How would you imagine participating?

Summary of Discussions